On 6/1/22 4:11 PM, Pierre Rogier wrote:
Hi Rainer,
try:
dsconf instanceName backend config set --idlistscanlimit 5000
Note: you must perform a full reindex or a reimport after changing this value
Actually you don't need to do that in 389ds (only SunDS), in 389DS we
actually index everything regardless of this setting. So making that
config change will work right away, but really I think you need to set
the lookthroughlimit like David suggested:
# dsconf instanceName backend config set --lookthroughlimit 5000
Mark
FYI: Browsing (or VLV) index does not help unless you are also using
VLV controls in the search request
On Wed, Jun 1, 2022 at 6:24 PM David Ritenour <d.riten...@martinfed.com> wrote:
Try setting the nslookthroughlimit to 5000 (or -1 for unlimited) on the entry
you are binding with.
Alternatively, you can set the nsslapd-lookthroughlimit to 5000 (or -1 for
unlimited) in the cn=config,cn=ldbm database,cn=plugins,cn=config entry but
doing so will remove the lookthroughlimit restriction for ANYONE searching the
directory.
In addition, I would avoid using a complex search with "objectClass=inetOrgPerson" if the
filter "uid=926*" is sufficient.
David Ritenour
Senior Directory Engineer
513 Madison Street SE
Huntsville, AL 35801
-----Original Message-----
From: Rainer Duffner <rai...@ultra-secure.de>
Sent: Wednesday, June 1, 2022 11:45 AM
To: General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>
Subject: [389-users] another question: searches running into administrative
limits
** WARNING: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.
Hi,
when searching for something like this:
LDAPTLS_REQCERT=never ldapsearch -xLLL -H ldaps://127.0.0.1:636 -D "cn=bla,dc=users,dc=bla,dc=org,dc=da" -W -b
'dc=ble,dc=bla,dc=org,dc=da' -s sub -a always "(&(objectclass=inetOrgPerson)(uid=926*))" "uid"
"objectClass"
I get the "Administrative limit exceeded (11)“ error message.
There are less than 5000 entries in that directory - and I’ve set the
size-limit to 5000 subsequently (from the default 2000).
I then created a Browsing Index on the „ble“ directory - but I still the the
error message.
Also enabled SubString Indexes for the uid attribute.
What else could there be?
Rainer
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send
an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
This email and any files transmitted with it are confidential and are intended
solely for the use of the individual or entity to which they are addressed. If
you are not the intended recipient or the person responsible for delivering the
email to the intended recipient, be advised that you have received this email
and any such files in error and that any use, dissemination, forwarding,
printing or copying of this email and/or any such files is strictly prohibited.
If you have received this email in error please immediately notify
h...@martinfed.com - (855) 212-1810 , and destroy the original message and any
such files.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure