FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 07-01-2010, 01:00 PM
Juan Asensio Sánchez
 
Default 389DS ignoring nsslapd-sizelimit

Hi

We have just realized that our servers are ignoring the parameter nsslapd-sizelimit. If we do a search of the entire directory (about 50000 entries), we have a size limit exceeded:

# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D "uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W


[....]
Size limit exceeded (4)



These are the messages in the access log:

[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from 127.0.0.1 to 127.0.0.1
[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3


[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es" scope=2 filter="(objectClass=*)" attrs=ALL


[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101 nentries=2000 etime=3
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1


Although we have configured a size limit of 50000:



# egrep "(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit" /etc/dirsrv/slapd-pruebas/dse.ldif
nsslapd-sizelimit: 50000
nsslapd-lookthroughlimit: 50000
nsslapd-idlistscanlimit: 50000



Any idea about what is happening?

Regards.


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-01-2010, 01:01 PM
Juan Asensio Sánchez
 
Default 389DS ignoring nsslapd-sizelimit

One more note, this only happens in 1.2.5 versions, not in 1.1.3 (we have servers with two different versions).


El 1 de julio de 2010 15:00, Juan Asensio Sánchez <okelet@gmail.com> escribió:


Hi

We have just realized that our servers are ignoring the parameter nsslapd-sizelimit. If we do a search of the entire directory (about 50000 entries), we have a size limit exceeded:



# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D "uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W

[....]
Size limit exceeded (4)



These are the messages in the access log:

[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from 127.0.0.1 to 127.0.0.1
[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3



[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es" scope=2 filter="(objectClass=*)" attrs=ALL



[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101 nentries=2000 etime=3
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1


Although we have configured a size limit of 50000:




# egrep "(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit" /etc/dirsrv/slapd-pruebas/dse.ldif
nsslapd-sizelimit: 50000
nsslapd-lookthroughlimit: 50000
nsslapd-idlistscanlimit: 50000




Any idea about what is happening?

Regards.




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-01-2010, 07:04 PM
Noriko Hosoi
 
Default 389DS ignoring nsslapd-sizelimit

Which configuration entry does your nsslapd-sizelimit belong to?

nsslapd-sizelimit: 50000



Is it in "dn: cn=config"?

http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.htm l#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit



Thanks,

--noriko



On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:
Hi



We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about
50000 entries), we have a size limit exceeded:



# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D
"uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W

[....]

Size limit exceeded (4)





These are the messages in the access log:



[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
127.0.0.1 to 127.0.0.1

[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"

[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
scope=2 filter="(objectClass=*)" attrs=ALL

[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
nentries=2000 etime=3

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1





Although we have configured a size limit of 50000:



# egrep
"(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit"
/etc/dirsrv/slapd-pruebas/dse.ldif

nsslapd-sizelimit: 50000

nsslapd-lookthroughlimit: 50000

nsslapd-idlistscanlimit: 50000



Any idea about what is happening?



Regards.





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-02-2010, 08:44 AM
Juan Asensio Sánchez
 
Default 389DS ignoring nsslapd-sizelimit

Hello

Ehmmmmmm, well, you are right. nsslapd-sizelimit is in dn "cn=default instance config,cn=chaining database,cn=plugins,cn=config", not in "cn=config" as it should. I am not sure if the change to was done after or before upgrade from 1.1.3 to 1.2.5, so i don't know if the setting was lost or not. I will verify this when we will upgrade a new server.



Regards, and sorry .


2010/7/1 Noriko Hosoi <nhosoi@redhat.com>









Which configuration entry does your nsslapd-sizelimit belong to?

nsslapd-sizelimit: 50000



Is it in "dn: cn=config"?

http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.htm l#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit





Thanks,

--noriko



On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:
Hi



We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about
50000 entries), we have a size limit exceeded:



# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D
"uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W

[....]

Size limit exceeded (4)





These are the messages in the access log:



[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
127.0.0.1 to 127.0.0.1

[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"

[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
scope=2 filter="(objectClass=*)" attrs=ALL

[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
nentries=2000 etime=3

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1





Although we have configured a size limit of 50000:



# egrep
"(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit"
/etc/dirsrv/slapd-pruebas/dse.ldif

nsslapd-sizelimit: 50000

nsslapd-lookthroughlimit: 50000

nsslapd-idlistscanlimit: 50000



Any idea about what is happening?



Regards.




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-06-2010, 09:03 AM
Juan Asensio Sánchez
 
Default 389DS ignoring nsslapd-sizelimit

Hi

Just one more question. What is the meaning of having nsslapd-sizelimit in "cn=default instance config,cn=chaining database,cn=plugins,cn=config"? Is there any search limit in each database?

Regards.




2010/7/2 Noriko Hosoi <nhosoi@redhat.com>








Thank you for your update.* Don't be sorry.* I made the same mistake
before...



On 07/02/2010 01:44 AM, Juan Asensio Sánchez wrote:
Hello



Ehmmmmmm, well, you are right. nsslapd-sizelimit is in dn "cn=default
instance config,cn=chaining database,cn=plugins,cn=config", not in
"cn=config" as it should. I am not sure if the change to was done after
or before upgrade from 1.1.3 to 1.2.5, so i don't know if the setting
was lost or not. I will verify this when we will upgrade a new server.



Regards, and sorry .





2010/7/1 Noriko Hosoi <nhosoi@redhat.com>


Which configuration entry
does your nsslapd-sizelimit belong to?

nsslapd-sizelimit: 50000



Is it in "dn: cn=config"?

http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.htm l#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit





Thanks,

--noriko





On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:




Hi



We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about
50000 entries), we have a size limit exceeded:



# ldapsearch -H ldaps://localhost -x
-LLL -b "dc=XXXXX,dc=es" -D
"uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W

[....]

Size limit exceeded (4)





These are the messages in the access log:



[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
127.0.0.1 to 127.0.0.1

[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3

[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"

[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
scope=2 filter="(objectClass=*)" attrs=ALL

[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
nentries=2000 etime=3

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND

[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1





Although we have configured a size limit of 50000:



# egrep
"(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit"
/etc/dirsrv/slapd-pruebas/dse.ldif

nsslapd-sizelimit: 50000

nsslapd-lookthroughlimit: 50000

nsslapd-idlistscanlimit: 50000



Any idea about what is happening?



Regards.






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 05:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org