On Mon, 16 May 2016, Giuseppe Sarno wrote:
I am new to freeIPA and I am recently working on a project to integrate
freeIPA with some legacy application which uses LDAP for user
management.  I have initially created our own ldap structure and I
tried to run the code against freeIPA/389DS. While running this example
I noticed that 389DS takes quite some time to load profile data from
the different ldap nodes (~2000 entries). In a previous prototype using
OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000
with good results. I am wondering now whether we can do the same for
the freeIPA/389DS server. I found the following pages but I could not
work out what the exact command should be to modify those parameters.



I attempted the following but received a ObjectClass violation:

[centos@ldap-389ds-ireland ~]$ ldapmodify  -h ldap-389ds-ip -D "cn=Directory Manager" 
-w '<password>' -f slimit
modifying entry "dc=ldap,dc=adeptra,dc=com"
ldap_modify: Object class violation (65)
       additional info: attribute "nsslapd-sizelimit" not allowed

dn: dc=ldap,dc=example,dc=com
changetype: modify
nsslapd-sizelimit: 1000

I also attempted using a user dn but with the same result.
nsslapd-sizelimit is either set globally in cn=config or should be set
per bind DN entry. Your dc=ldap,dc=adeptra,dc=com is not an entry that
can be used for LDAP BIND operation, a user entry would be usable.

But if your intent was to set it globally, just set it for a DN named

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to