I pulled up our dse.ldif and we've got:

nsslapd-sizelimit: 99999


nsslapd-lookthroughlimit: 99999
nsslapd-idlistscanlimit: 99999

So I'm still not sure why I'm being limited to 5000 in my query response. In fact, the number 5000 doesn't exist in dse.ldif at all.

BTW, I misspoke in my original post -- "searchlimit" should read, "sizelimit".


On 02/13/2018 01:09 PM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
I've run up against a limit I can't seem to adjust.

When listing a particular DNS zone which has well over 5000 hosts in it,
we keep getting "Search result has been truncated: Configured
administrative server limit exceeded."

I've tried fixing this in a number of ways. We've shut down the
services, edited dse.ldif to raise nsslapd-searchlimit to 99999 and
restarted, but:

#ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep
snsslapd-sizelimit: 2000

What do I need to do to be able to list all my DNS entries for this
zone? This 5000 limit is enforced through the CLI as well, as "ipa
dnsrecord-find damascusgrp.com --sizelimit=99999" will only return 5000
entries. I know it's taxing and intensive, but I need to be able to
query the WHOLE set of records we have without this restriction.

How can I get around this?
Have you looked at

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to