Hello, I am new to freeIPA and I am recently working on a project to integrate freeIPA with some legacy application which uses LDAP for user management. I have initially created our own ldap structure and I tried to run the code against freeIPA/389DS. While running this example I noticed that 389DS takes quite some time to load profile data from the different ldap nodes (~2000 entries). In a previous prototype using OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000 with good results. I am wondering now whether we can do the same for the freeIPA/389DS server. I found the following pages but I could not work out what the exact command should be to modify those parameters.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html I attempted the following but received a ObjectClass violation: [centos@ldap-389ds-ireland ~]$ ldapmodify -h ldap-389ds-ip -D "cn=Directory Manager" -w '<password>' -f slimit modifying entry "dc=ldap,dc=adeptra,dc=com" ldap_modify: Object class violation (65) additional info: attribute "nsslapd-sizelimit" not allowed slimit: dn: dc=ldap,dc=example,dc=com changetype: modify add:nsslapd-sizelimit nsslapd-sizelimit: 1000 I also attempted using a user dn but with the same result. Can anybody help ? Thanks, Giuseppe. Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac (Adeptra) Limited (Co. No. 03295455) are registered in England and Wales and have a registered office address of Cottons Centre, 5th Floor, Hays Lane, London, SE1 2QP. This email and any files transmitted with it are confidential, proprietary and intended solely for the individual or entity to whom they are addressed. If you have received this email in error please delete it immediately.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
