Hi,

does paging in this context refer to a caching mechanism? Even the man pages say paging, could be paging like less/more. :)
Bye.

On Wed, Oct 20, 2010 at 11:56, Jocke M <[email protected]> wrote:
> Hi,
>
> It was not a wild guess. As soon as I added the value "nss_paged_results no"
> it worked.
> Now getent always returns 1624 users.
>
> Thank you
>
> /Jocke
>
> On Wed, Oct 20, 2010 at 11:11, Ralf Haferkamp <[email protected]> wrote:
>>
>> Hi,
>>
>> On Wednesday, 20 October 2010, 08:33:32, Jocke M wrote:
>> > Hi,
>> >
>> > I did use the ldapsearch and here is what I found out
>> >
>> > ldapsearch "ldapserver" returned 1586 users
>> > /etc/passwd has 38 users
>> >
>> > nsswitch.conf
>> > passwd: files ldap
>> >
>> > So sometimes I assume getent returns files (38) + ldap (1586) = 1624
>> >
>> > But mostly getent only returns 1038
>> >
>> > Sizelimit on the ldap server is set to 5000
>> >
>> > Can it be that sometimes only 1000 users get returned from the getent
>> > ldap search? And if so, why?
>> This is just a wild guess, but IIRC, 1000 is the default page size when
>> nss_ldap is configured to use the LDAP paging control. Probably the
>> nss_ldap version or your server has problems processing this control,
>> IIRC there have been some problems with paged results in nss_ldap in the
>> past. Please test what happens if you use "nss_paged_results no" in your
>> nss_ldap config (hopefully your nss_ldap is recent enough to have that
>> option).
>>
>> > /Jocke
>> >
>> > On Tue, Oct 19, 2010 at 14:55, Prentice Bisbal <[email protected]> wrote:
>> > > Jocke M wrote:
>> > > > Hello,
>> > > >
>> > > > We are running an OpenLDAP server on RHEL4 and I just found out
>> > > > that running getent on the RHEL clients sometimes missed users
>> > > > against the OpenLDAP server.
>> > > >
>> > > > Example:
>> > > > getent passwd | wc -l
>> > > > 1038
>> > > >
>> > > > getent passwd | wc -l
>> > > > 1624
>> > > >
>> > > > Does anyone know what can be faulty, either on the clients or the
>> > > > server?
>> > > >
>> > > > --
>> > > > Thx
>> > > > Jocke
>> > >
>> > > Did those results occur on the same client, or are those results
>> > > from two different clients?
>> > >
>> > > If two different clients are returning different results, I'd
>> > > compare the /etc/ldap.conf and /etc/openldap/ldap.conf files first.
>> > > It could be that one has a different filter criteria than the
>> > > other. Or, if you've recently upgraded your LDAP servers, one
>> > > client could still be pointing to an old LDAP server that doesn't have
>> > > new entries.
>> > >
>> > > Try using the ldapsearch command with the same search criteria and
>> > > see if you get the same results. I would use the -h or -H switch to
>> > > make sure you are using the server you think you are using (change
>> > > specifics accordingly)
>> > >
>> > > ldapsearch -LLL -h yourldapserver.example.com -b dc=example,dc=com "objectClass=posixAccount" dn
>> > >
>> > > --
>> > > Prentice
>>
>> Ralf
>
> --
> Best regards
> Jocke
>

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
