Hello all
I do not seem to be able to get per-dn limits working ...
openldap-2.4.25 on Solaris 11 x86
I have put the following in slapd.conf:
limits dn.exact="cn=repl_ldap,dc=domain,dc=com"
    size=unlimited
    time=unlimited
access to *
    by dn="cn=repl_ldap,dc=domain,dc=com" read
...
(obviously the syncrepl user ;-)
and also:
syncrepl rid=1
    ...
    sizelimit="unlimited"
    timelimit="unlimited"
    searchbase="dc=domain,dc=com"
    binddn="n=repl_ldap,dc=domain,dc=com"
on the consumer side
But the DN always gets a maximum of 500 entries, whether using
ldapsearch or during replication:
# ldapsearch -x -h localhost '(objectClass=*)' -D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
Enter LDAP Password:XXXX
[...]
# search result
search: 2
result: 4 Size limit exceeded
# numResponses: 501
# numEntries: 500
While there are ~700 entries in the directory.
The same happens during replication, where only 500 entries are synced
to the consumer (e.g. if I delete the local DB on the consumer and
restart slapd).
Only if I set
...
sizelimit unlimited
timelimit unlimited
...
globally in the provider's slapd.conf (i.e. before any database
definition), does repl_ldap receive all entries.
Is there anything else I need to configure in order to allow the DN
access to all entries?
thx /markus
PS: I have also tried different variants of the following:
limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited
    time.hard=unlimited size.soft=unlimited size.hard=unlimited