On 12/20/18 3:49 PM, Jared Ledvina via FreeIPA-users wrote:
Hi folks,
I recently posted a thread to pki-users,
https://www.redhat.com/archives/pki-users/2018-December/msg00003.html . Working
with 'cipherboy' on IRC in #dogtag-pki, we narrowed the issue down to the
searches that Dogtag performs against a VLV index/search. These are being
paginated to 2,000 entries. I've since, opened up:
https://bugzilla.redhat.com/show_bug.cgi?id=1658280 but, haven't been able to
figure out a solution. I'm hoping that someone on this list might be able to
troubleshoot further with me on this.
Has anyone looked at this before? So far, I'm unable to determine where the
2,000 paging size is getting set.
The linked bugzilla issue should have a bunch of necessary details but, I'm
happy to provide any additional details that might help.
Thanks,
Jared
Hi,
the size and time limits can be defined at multiple levels:
* per user:
dn: uid=<user>,cn=users,cn=accounts,$BASEDN
nsSizeLimit:
nsTimeLimit:
nsLookThroughLimit:
nsPagedLookThroughLimit:
nsPagedSizeLimit:
nsIdleTimeout:
nsIDListScanLimit:
nsPagedIDListScanLimit:
The meaning for each attribute can be found in [1].
* if it's not defined at the user level, the global ds settings apply
dn: cn=config
nsslapd-sizelimit:
nsslapd-timelimit:
nsslapd-pagedsizelimit:
nsslapd-idletimeout:
nsslapd-anonlimitsdn: cn=anonymous-limits,cn=etc,$BASEDN (points to an
entry containing limits for anonymous operations)
The meaning for each attribute can be found in [1].
* settings per DS database:
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
nsslapd-lookthroughlimit:
nsslapd-idlistscanlimit:
nsslapd-pagedlookthroughlimit:
nsslapd-pagedidlistscanlimit:
nsslapd-rangelookthroughlimit:
The meaning for each attribute can be found in [2].
* settings at IPA level:
dn: cn=ipaconfig,cn=etc,$BASEDN
ipaSearchRecordsLimit:
ipaSearchTimeLimit:
If you find your 2000 value in one of those attributes, you will be able
to understand which limit applies.
HTH,
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/operational_attributes_special_attributes_and_special_object_classes
[2]
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig
[3]
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/database_plug_in_attributes#Database_Attributes_under_cnconfig_cnldbm_database_cnplugins_cnconfig
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
