Thanks. Yes, very helpful.
For the group that lists our accounts I now have full DN
dn: cn=admins,ou=group,dc=server,dc=domain objectClass: posixGroup objectClass: top cn: admins memberUid: uid=user,ou=accounts,dc=server,dc=domain
slapd.conf:
limits group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain" size=unlimited time=unlimited
Though I am still hitting the limit.
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
On Wed, Jul 19, 2017 at 6:25 PM, Quanah Gibson-Mount quanah@symas.com wrote:
--On Tuesday, July 18, 2017 4:32 PM -0400 Douglas Duckworth dod2014@med.cornell.edu wrote:
# admins, group, ldap.server dn: cn=admins,dc=blah objectClass: posixGroup objectClass: top cn: admins memberUid: admin1 memberUid: admin2
Do you have any insight into what could be causing this behavior? I have not found the answer yet through extensive searching of the internets.
Hi Douglas,
The answer lies in the slapd.conf(5) man page, in the description of the "limits" directive, specifically in this portion:
"sets the limits for any DN listed in the values of the at attribute"
memberUID does not contain a DN, therefore it cannot be used. Hope that helps!
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <https://urldefense.proofpoint.com/v2/url?u=http- 3A__www.symas.com&d=DwIFaQ&c=lb62iw4YL4RFalcE2hQUQealT9- RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m= 91FmzFy5LT0oV9_Olhg0-lXej0TEADB8w4Tft72zqXs&s= rnsVibsarNFQ1327v29L487KiPFGapoLz4PZ55l7Hsc&e= >
openldap-technical@openldap.org
-
Douglas Duckworth