On 16.5.2016 23:19, Giuseppe Sarno wrote:
> Hello,
> I am new to freeIPA and I am recently working on a project to integrate 
> freeIPA with some legacy application which uses LDAP for user management.
> I have initially created our own ldap structure and I tried to run the code 
> against freeIPA/389DS. While running this example I noticed that 389DS takes 
> quite some time to load profile data from the different ldap nodes (~2000 
> entries). In a previous prototype using OpenDJ we had to increase the 
> parameter ds-cfg-size-limit: to ~1000 with good results. I am wondering now 
> whether we can do the same for the freeIPA/389DS server. I found the 
> following pages but I could not work out what the exact command should be to 
> modify those parameters.
> 
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
> 
> http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
> 
> I attempted the following but received a ObjectClass violation:
> 
> [centos@ldap-389ds-ireland ~]$ ldapmodify  -h ldap-389ds-ip -D "cn=Directory 
> Manager" -w '<password>' -f slimit
> modifying entry "dc=ldap,dc=adeptra,dc=com"
> ldap_modify: Object class violation (65)
>         additional info: attribute "nsslapd-sizelimit" not allowed

System-wide config is stored in "cn=config".

For further details please see
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line

Petr^2 Spacek


> slimit:
> dn: dc=ldap,dc=example,dc=com
> changetype: modify
> add:nsslapd-sizelimit
> nsslapd-sizelimit: 1000
> 
> I also attempted using a user dn but with the same result.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to