I pulled up our dse.ldif and we've got:
nsslapd-sizelimit: 99999
and
nsslapd-lookthroughlimit: 99999
nsslapd-idlistscanlimit: 99999
So I'm still not sure why I'm being limited to 5000 in my query
response. In fact, the number 5000 doesn't exist in dse.ldif at all.
BTW, I misspoke in my original post -- "searchlimit" should read,
"sizelimit".
Bret
On 02/13/2018 01:09 PM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
I've run up against a limit I can't seem to adjust.
When listing a particular DNS zone which has well over 5000 hosts in it,
we keep getting "Search result has been truncated: Configured
administrative server limit exceeded."
I've tried fixing this in a number of ways. We've shut down the
services, edited dse.ldif to raise nsslapd-searchlimit to 99999 and
restarted, but:
#ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep
nsslapd-sizelimit
snsslapd-sizelimit: 2000
What do I need to do to be able to list all my DNS entries for this
zone? This 5000 limit is enforced through the CLI as well, as "ipa
dnsrecord-find damascusgrp.com --sizelimit=99999" will only return 5000
entries. I know it's taxing and intensive, but I need to be able to
query the WHOLE set of records we have without this restriction.
How can I get around this?
Have you looked at
http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
