Re: per-dn limits



Hi all

I have reproduced the same behaviour with 2.4.28 on Linux and Solaris.

Any chance this is a recursion/bug?

krgds /markus

On 11/24/11 21:23, Markus Wernig wrote:
> Hello all
> 
> I do not seem to be able to get per-dn limits working ...
> 
> openldap-2.4.25 on Solaris 11 x86
> 
> I have put the following in slapd.conf:
> 
> limits dn.exact="cn=repl_ldap,dc=domain,dc=com"
>         size=unlimited
>         time=unlimited
> 
> access to *
>         by dn="cn=repl_ldap,dc=domain,dc=com" read
> 	...
> 
> (obviously the syncrepl user ;-)
> 
> and also:
> syncrepl rid=1
> ...
> 	sizelimit="unlimited"	
> 	timelimit="unlimited"
> 	searchbase="dc=domain,dc=com"
> 	binddn="n=repl_ldap,dc=domain,dc=com"
> 
> on the consumer side
> 
> 
> But the DN always gets a maximum of 500 entries, whether using
> ldapsearch or during replication:
> 
> # ldapsearch -x -h localhost '(objectClass=*)'
> -D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
> Enter LDAP Password:XXXX
> 
> [...]
> 
> # search result
> search: 2
> result: 4 Size limit exceeded
> 
> # numResponses: 501
> # numEntries: 500
> 
> While there are ~700 entries in the directory.
> 
> 
> The same happens during replication, where only 500 entries are synced
> to the consumer (e.g. if I delete the local DB on the consumer and
> restart slapd)
> 
> Only if I set
> ...
> sizelimit	unlimited
> timelimit	unlimited
> ...
> 
> globally in the provider's slapd.conf (i.e. before any database
> definition), does repl_ldap receive all entries.
> 
> Is there anything else I need to configure in order to allow the DN
> access to all entries?
> 
> thx /markus
> 
> PS: I have also tried different variants of the following:
> limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited
> time.hard=unlimited size.soft=unlimited size.hard=unlimited
>