On 16.5.2016 23:19, Giuseppe Sarno wrote: > Hello, > I am new to freeIPA and I am recently working on a project to integrate > freeIPA with some legacy application which uses LDAP for user management. > I have initially created our own ldap structure and I tried to run the code > against freeIPA/389DS. While running this example I noticed that 389DS takes > quite some time to load profile data from the different ldap nodes (~2000 > entries). In a previous prototype using OpenDJ we had to increase the > parameter ds-cfg-size-limit: to ~1000 with good results. I am wondering now > whether we can do the same for the freeIPA/389DS server. I found the > following pages but I could not work out what the exact command should be to > modify those parameters. > > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html > > http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html > > I attempted the following but received a ObjectClass violation: > > [centos@ldap-389ds-ireland ~]$ ldapmodify -h ldap-389ds-ip -D "cn=Directory > Manager" -w '<password>' -f slimit > modifying entry "dc=ldap,dc=adeptra,dc=com" > ldap_modify: Object class violation (65) > additional info: attribute "nsslapd-sizelimit" not allowed
System-wide config is stored in "cn=config". For further details please see https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line Petr^2 Spacek > slimit: > dn: dc=ldap,dc=example,dc=com > changetype: modify > add:nsslapd-sizelimit > nsslapd-sizelimit: 1000 > > I also attempted using a user dn but with the same result. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
