per-dn limits

[Markus Wernig <listener@wernig.net>]

Hello all

I do not seem to be able to get per-dn limits working ...

openldap-2.4.25 on Solaris 11 x86

I have put the following in slapd.conf:

limits dn.exact="cn=repl_ldap,dc=domain,dc=com"
        size=unlimited
        time=unlimited

access to *
        by dn="cn=repl_ldap,dc=domain,dc=com" read
	...

(obviously the syncrepl user ;-)

and also:
syncrepl rid=1
...
	sizelimit="unlimited"	
	timelimit="unlimited"
	searchbase="dc=domain,dc=com"
	binddn="n=repl_ldap,dc=domain,dc=com"

on the consumer side


But the DN always gets a maximum of 500 entries, whether using
ldapsearch or during replication:

# ldapsearch -x -h localhost '(objectClass=*)'
-D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
Enter LDAP Password:XXXX

[...]

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500

While there are ~700 entries in the directory.


The same happens during replication, where only 500 entries are synced
to the consumer (eg. if I delete the local DB on the consumer and
restart slapd)

Only if I set
...
sizelimit	unlimited
timelimit	unlimited
...

globally in the provider's slapd.conf (i.e. before any database
definition), does repl_ldap receive all entries.

Is there anything else I need to configure in order to allow the DN
access to all entries?

thx /markus

PS: I have also tried different variants of the following:
limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited