Hello all! I believe I may be falling victim to the nsslapd-sizelimit's default setting of 2,000.
I've been wondering why some JSON calls to IPA (3.0.37, user_find) have been failing to show all user accounts in the results. Checking the FreeIPA admin UI, I can clearly find the users in question, but no matter what changes I set in the UI on the the console with search record limits and time limits, only 2,000 entries are ever returned. A final test this morning by adding an account via the UI did not augment the 2,000 entries returned in the user list; searching for the user on the console with 'ipa user-show y* --all' and via the search frame in the UI found the user. Looking over the documentation, it's stated that you can use the UI to update the limits. However, the limit is already set at 10,000 for the number of records to be returned, and the time limit is set at 60. The current dse.ldiff states that the nsslapd-sizelimit is 2,000. Is it possible that IPA isn't respecting this value since the constant number is 2,000? Is it safe to change this value via an ldapmodify? Thank you! John DeSantis -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project