Thanks Martin. That is the cause... $ ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep nsslapd-sizelimit Enter LDAP Password: nsslapd-sizelimit: 2000
This command results in a similar problem that only 100 of 270 record names were returned. $ ipa dnsrecord-find mydomain.com qa If I specify these limits, I get all 270 records as expected. $ ipa dnsrecord-find mydomain.com qa --sizelimit=10000 --timelimit=20 I have the impression this default size limit meets most needs. Is my approach wrong when wanting to dump the entire DNS list of records via ipa dnsrecord-find? Mike > On Dec 13, 2016, at 08:17, Martin Basti <[email protected]> wrote: > > Tomas already replied to you, copying here as archives are currently offline > to prevent spam > > """ > > Hi, > > you seem to be hitting the size limit on LDAP side. To verify, check > > ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep > nsslapd-sizelimit > > If you really need to increase this size limit, you will have to modify the > nsslapd-sizelimit in cn=config. > > """ > > Martin > > > On 13.12.2016 17:06, Mike Driscoll wrote: >> Any thoughts about this sizelimit bug? >> >> Mike >> >> >> >>> On Nov 28, 2016, at 14:44, Mike Driscoll <[email protected]> wrote: >>> >>> I'm running: >>> # rpm -qa | grep ipa-server >>> ipa-server-4.4.0-12.0.1.el7.x86_64 >>> ipa-server-dns-4.4.0-12.0.1.el7.noarch >>> ipa-server-common-4.4.0-12.0.1.el7.noarch >>> >>> Searching DNS for all hostnames containing "qa" times out in the GUI. >>> Setting aside the option to change server defaults, this cli command isn't >>> giving me the content I need: >>> >>> # ipa dnsrecord-find mydomain.com --sizelimit=10000 --timelimit=20 | grep qa >>> ipa: WARNING: Search result has been truncated: Configured size limit >>> exceeded >>> >>> It seems like the sizelimit parameter greater than two thousand is being >>> ignored: >>> >>> # ipa dnsrecord-find mydomain.com --sizelimit=1900 --timelimit=20 >>> ... >>> ------------------------------- >>> Number of entries returned 1900 >>> ------------------------------- >>> >>> # ipa dnsrecord-find mydomain.com --sizelimit=2100 --timelimit=20 >>> ... >>> ------------------------------- >>> Number of entries returned 2000 >>> ------------------------------- >>> >>> Any suggestions? >>> >>> Mike >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
