On Mon, 16 May 2016, Giuseppe Sarno wrote:
Hello,
I am new to freeIPA and I am recently working on a project to integrate
freeIPA with some legacy application which uses LDAP for user
management.  I have initially created our own ldap structure and I
tried to run the code against freeIPA/389DS. While running this example
I noticed that 389DS takes quite some time to load profile data from
the different ldap nodes (~2000 entries). In a previous prototype using
OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000
with good results. I am wondering now whether we can do the same for
the freeIPA/389DS server. I found the following pages but I could not
work out what the exact command should be to modify those parameters.

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html

http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html

I attempted the following but received an ObjectClass violation:

[centos@ldap-389ds-ireland ~]$ ldapmodify  -h ldap-389ds-ip -D "cn=Directory Manager" -w '<password>' -f slimit
modifying entry "dc=ldap,dc=adeptra,dc=com"
ldap_modify: Object class violation (65)
       additional info: attribute "nsslapd-sizelimit" not allowed

slimit:
dn: dc=ldap,dc=example,dc=com
changetype: modify
add:nsslapd-sizelimit
nsslapd-sizelimit: 1000

I also attempted using a user dn but with the same result.

nsslapd-sizelimit is either set globally in cn=config or should be set
per bind DN entry. Your dc=ldap,dc=adeptra,dc=com is not an entry that
can be used for LDAP BIND operation, a user entry would be usable.

But if your intent was to set it globally, just set it for a DN named
cn=config.

--
/ Alexander Bokovoy
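
The two options described in the reply above, written out as LDIF. This is an added example, not part of the original thread: the value 5000 and the uid=legacyapp system-account DN are constructed placeholders, and the per-entry attribute name nsSizeLimit is taken from the 389 Directory Server resource-limit documentation, not from the thread.

```ldif
# Added example (constructed values). Apply with, for instance:
#   ldapmodify -x -h ldap-389ds-ip -D "cn=Directory Manager" -W -f sizelimit.ldif
# -W prompts for the password so it does not appear on the command line
# or in shell history.
#
# Option 1: global limit, applies to every bind (including anonymous).
# "replace" works whether or not the attribute is already present in
# cn=config, so it avoids the failure that "add" hits on an existing value.
dn: cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: 5000

# Option 2: raise the limit only for the account the legacy application
# binds as, and leave the global limit unchanged for everyone else.
# On a bind entry the attribute is the operational attribute nsSizeLimit;
# nsslapd-sizelimit is only valid on cn=config, which is why the server
# rejected it on the suffix entry with "Object class violation (65)".
# The DN below is a hypothetical FreeIPA system account.
dn: uid=legacyapp,cn=sysaccounts,cn=etc,dc=ldap,dc=example,dc=com
changetype: modify
replace: nsSizeLimit
nsSizeLimit: 5000
```

To confirm the result, read the entry back while bound as Directory Manager and request the attribute by name, since nsSizeLimit is operational and is not returned by default.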

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
