I have some groups with as many as 30K+ members. After enabling the memberOf plugin, ldap queries such as "(memberof:=cn=large_group,ou=groups,dc=org,dc=com)", only return a partial list of members. I've increased the following cn=config attributes but am not seeing an increase in records returned:
nsslapd-sizelimit nsslapd-lookthroughlimit nsslapd-idlistscanlimit I've been experimenting with various levels of logging to try to understand what might be preventing all of the records being returned, and have the following currently configured: nsslapd-accesslog-level: 514 nsslapd-errorlog-level: 114688 nsslapd-plugin-logging: on nsslapd-securitylog-level: 256 nsslapd-statlog-level: 0 I have yet to tweak any OS or application settings in regards to cache or anything else that might be warranted considering the number of ldap entries I expect to serve, so I expect there's work to be done in that regard. However I've yet to find any debug log to point me in the direction of figuring out why memberOf is only providing a partial list of all matching entries. Any advice on what log levels I might consider or what config attributes I should focus on to see about addressing my issue? Thank you, Bob My test platform: % grep SUSE /etc/*release PRETTY_NAME="SUSE Linux Enterprise Server 15 SP6" % rpm -q 389-ds 389-ds-2.2.10~git146.78a60e3ac-150600.8.23.1.x86_64 -- _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
