On Wed, 2011-10-26 at 13:32 -0500, Endi Sukma Dewata wrote:
> On 10/26/2011 1:21 PM, Martin Kosek wrote:
> >>> For huge installations there is no way we can do unbound queries. There
> >>> will always be some limit on the number of entries returned, searched, 
> >>> etc.
> >>
> >> Yes, but the search limit using paged results needs to be reasonably
> >> bigger than the standard 100 entries, enough to be used in most 
> >> deployments.
> >
> > Btw. this is just our arbitrary limit. The default value is 100, but it
> > can be modified via ipa config-mod --searchrecordslimit=INT. You can
> > also use --sizelimit and --timelimit parameters for most of *-find
> > commands to control the limits.
> >
> > I tried:
> > ipa user-find --pkey-only --sizelimit=0
> >
> > and it returned all 300 records in 5.4 seconds.
> I think we probably need 2 different size limits: one for regular 
> queries (set on LDAP server) and the other for pulling primary keys 
> (maintained by IPA server).
> Suppose we have a system with 5000 users, we need to be able to pull all 
> 5000 primary keys. But for regular queries we probably still want to 
> keep a smaller limit.

This is true, but I am not sure how can we help on server side with
this. Limits are something that CLI user or Web UI should control via
--sizelimit and --timelimit parameters and the config-mod setting I
referred to. Can you use --pkey-only, --sizelimit and --timelimit
parameters to manage large data sets in WebUI or would you need another

What we can do is to make sure that all our *-find commands have
--sizelimit and --timelimit parameters. I see that for example
delegation-find does not have one.


Freeipa-devel mailing list

Reply via email to