On Wed, 2011-10-26 at 13:32 -0500, Endi Sukma Dewata wrote:
> On 10/26/2011 1:21 PM, Martin Kosek wrote:
> >>> For huge installations there is no way we can do unbound queries. There
> >>> will always be some limit on the number of entries returned, searched,
> >>> etc.
> >> Yes, but the search limit using paged results needs to be reasonably
> >> bigger than the standard 100 entries, enough to be used in most
> >> deployments.
> > Btw. this is just our arbitrary limit. The default value is 100, but it
> > can be modified via ipa config-mod --searchrecordslimit=INT. You can
> > also use --sizelimit and --timelimit parameters for most of *-find
> > commands to control the limits.
> > I tried:
> > ipa user-find --pkey-only --sizelimit=0
> > and it returned all 300 records in 5.4 seconds.
> I think we probably need 2 different size limits: one for regular
> queries (set on LDAP server) and the other for pulling primary keys
> (maintained by IPA server).
> Suppose we have a system with 5000 users, we need to be able to pull all
> 5000 primary keys. But for regular queries we probably still want to
> keep a smaller limit.
This is true, but I am not sure how can we help on server side with
this. Limits are something that CLI user or Web UI should control via
--sizelimit and --timelimit parameters and the config-mod setting I
referred to. Can you use --pkey-only, --sizelimit and --timelimit
parameters to manage large data sets in WebUI or would you need another
What we can do is to make sure that all our *-find commands have
--sizelimit and --timelimit parameters. I see that for example
delegation-find does not have one.
Freeipa-devel mailing list