Re: [Freeipa-users] DNS search timeouts and incomplete results

2016-12-13 Thread Martin Basti
Receiving huge list of entries is not a cheap operation, that's why there is a default max limit set to 100/2000 entries. You have to count with that. Maybe direct AXFR from DNS may be more suitable for you, to get the complete list of DNS records per zone. But if you are fine with speed,

Re: [Freeipa-users] DNS search timeouts and incomplete results

2016-12-13 Thread Mike Driscoll
Thanks Martin. That is the cause... $ ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep nsslapd-sizelimit Enter LDAP Password: nsslapd-sizelimit: 2000 This command results in a similar problem that only 100 of 270 record names were returned. $ ipa dnsrecord-find

Re: [Freeipa-users] DNS search timeouts and incomplete results

2016-12-13 Thread Martin Basti
Tomas already replied to you, copying here as archives are currently offline to prevent spam """ Hi, you seem to be hitting the size limit on LDAP side. To verify, check ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep nsslapd-sizelimit If you really need to increase

[Freeipa-users] DNS search timeouts and incomplete results

2016-12-13 Thread Mike Driscoll
Any thoughts about this sizelimit bug? Mike > On Nov 28, 2016, at 14:44, Mike Driscoll wrote: > > I'm running: > # rpm -qa | grep ipa-server > ipa-server-4.4.0-12.0.1.el7.x86_64 > ipa-server-dns-4.4.0-12.0.1.el7.noarch > ipa-server-common-4.4.0-12.0.1.el7.noarch >

Re: [Freeipa-users] DNS search timeouts and incomplete results

2016-11-29 Thread Tomas Krizek
On 11/28/2016 11:44 PM, Mike Driscoll wrote: I'm running: # rpm -qa | grep ipa-server ipa-server-4.4.0-12.0.1.el7.x86_64 ipa-server-dns-4.4.0-12.0.1.el7.noarch ipa-server-common-4.4.0-12.0.1.el7.noarch Searching DNS for all hostnames containing "qa" times out in the GUI. Setting aside the

[Freeipa-users] DNS search timeouts and incomplete results

2016-11-28 Thread Mike Driscoll
I'm running: # rpm -qa | grep ipa-server ipa-server-4.4.0-12.0.1.el7.x86_64 ipa-server-dns-4.4.0-12.0.1.el7.noarch ipa-server-common-4.4.0-12.0.1.el7.noarch Searching DNS for all hostnames containing "qa" times out in the GUI. Setting aside the option to change server defaults, this cli command