On 05/17/2016 12:49 PM, Ludwig Krispenz wrote:
On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
Hello,
I am new to freeIPA and I am recently working on a project to
integrate freeIPA with some legacy application which uses LDAP for
user management.
I have initially created our own ldap structure and I tried to run
the code against freeIPA/389DS. While running this example I noticed
that 389DS takes quite some time to load profile data from the
different ldap nodes (~2000 entries). In a previous prototype using
OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000
with good results. I am wondering now whether we can do the same for
the freeIPA/389DS server. I found the following pages but I could not
work out what the exact command should be to modify those parameters.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
I attempted the following but received a ObjectClass violation:
[centos@ldap-389ds-ireland ~]$ ldapmodify -h ldap-389ds-ip -D
"cn=Directory Manager" -w '<password>' -f slimit
modifying entry "dc=ldap,dc=adeptra,dc=com"
ldap_modify: Object class violation (65)
additional info: attribute "nsslapd-sizelimit" not allowed
slimit:
dn: dc=ldap,dc=example,dc=com
changetype: modify
add:nsslapd-sizelimit
nsslapd-sizelimit: 1000
I also attempted using a user dn but with the same result.
the example in the doc is unfortunately incorrect,
in the latest doc it is corected:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line
nsslapd-sizelimit is the general limit in cn=config, the attribute per
user is nsSizeLimit ( as used in the text in teh doc).
And you have to add it to a user used for binding
Can anybody help ?
Thanks,
Giuseppe.
Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac
(Adeptra) Limited (Co. No. 03295455) are registered in England and
Wales and have a registered office address of Cottons Centre, 5th
Floor, Hays Lane, London, SE1 2QP.
This email and any files transmitted with it are confidential,
proprietary and intended solely for the individual or entity to whom
they are addressed. If you have received this email in error please
delete it immediately.
--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
