Dears, Added info.
In the group used in the olcLimits, there are 2 users, and limits are unlimited for users I added before as "dn.base" but still remain blocked at 500 for the other one, so it seems the olcLimits by group/groupOfNames/member doesn't work correctly. Can you help me as it's a blocking issue on my prod systems. Thx, Jean-Luc. On Thu, Mar 24, 2022 at 12:27 PM <[email protected]> wrote: > Dears, > > Openldap version : 2.5.7 > > env 2 MMR 2 Replicas (test env) > > I've set and olclimit for one user (dn.base) on my DB and it works fine > but in order to move it on my production env, I decided to modify my > olclimit by using (group/groupOfNames/member) and place this user as member > of the group. This is also works fine on my test env. > > I did the same config on my production env which is 4 MMR 4 Replicas and > it didn't work :-( > > I did a lot of checks to see if there was any difference but it was > exactly the same configuration. > I did some other test on replicas first by adding a new olclimit for the > concerned user ( dn.base) which solved the issue. > I decided to remove this newly user olclimit, the olclimit > (group/groupOfNames/member) was still there, and was not my surprise, the > limitation for my user was still set to unlimited as expected. > I did the same on all replicas, adding concerned user, remove it and > limits were OK .... very strange. > As it was working on replicas, I did try the same on master but no luck, > my user stay still limited to 500 entries. > > Questions : > Is there an order to respect in olclimit type ? > why the config is working on test env and not on production one ? > > Thx to advice, > Jean-Luc >
