On 09/25/2012 09:46 PM, Rob Crittenden wrote:
Steven Jones wrote:
I dont have a ldapmodify command for changing something in AD.
I have increased the only scope I/we know about which is the return
of objects from a search inside the AD gui but that might be specific
to that view tool. That is 2000 by default, Ive set 40000, I am
testing it now, if that doesn't work....
Our best AD person is currently researching to see if its even
possible to alter that hard code in AD. The only way he can see is
using a windows/ad specific command line command to modify the
internals of AD but he's never seen or read about doing it for this
Rich knows more about this than me, so maybe he knows what value
you're changing, but I don't. Where exactly in the AD gui are you
changing the value to 40k?
There are limits you can set that apply only to the GUI, and there are
limits you can set which apply to LDAP. It's possible you set some
limits which only apply to the windows GUI.
I don't see any setting which directly corresponds to sizelimit. The
only ones that control the size of the result set are: MaxPageSize,
which seems only to apply to paged result searches; MaxTempTableSize,
which sounds something like our idlistscanlimit and could be applicable
here; and MaxResultSetSize, which could also be applicable here.
Do you have more than 10000 entries in your active directory? Might AD
be attempting to return more than 262,144 bytes?
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 26 September 2012 1:31 p.m.
To: Rich Megginson
Cc: Steven Jones; firstname.lastname@example.org
Subject: Re: [Freeipa-users] winsync agreement wipes IPA users
Rich Megginson wrote:
On 09/25/2012 03:34 PM, Steven Jones wrote:
I have set the filter size as 20000 for the user and it makes no
Where did you set this? In IPA? In AD? If so, where? How?
What does "filter size" mean? To me, it means "the size of an LDAP
search filter in an LDAP search request" not "the maximum number of
entries returned by a search".
The more details you can provide on what you did the better. This might
include the exact ldapmodify command, where you entered it in AD, the
attribute names, whichever is applicable.
Freeipa-users mailing list