Hi Bob,
Two things to try:
[1] Change the filter to (remove the colon):
"(memberof=cn=large_group,ou=groups,dc=org,dc=com)"
[2] Run the memberof fixup task:
# dsconf slapd-YOUR_INSTANCE_NAME plugins memberof fixup "dc=org,dc=com"
# dsconf slapd-YOUR_INSTANCE_NAME plugins memberof fixup-status --dn <DN
returned from the "fixup task"> --watch
Then run the search again once the fixup task finishes.
HTH,
Mark
On 12/16/25 5:44 PM, Bob Green via 389-users wrote:
I have some groups with as many as 30K+ members. After enabling the
memberOf plugin, ldap queries such as
"(memberof:=cn=large_group,ou=groups,dc=org,dc=com)", only return a
partial list of members. I've increased the following cn=config
attributes but am not seeing an increase in records returned:
nsslapd-sizelimit
nsslapd-lookthroughlimit
nsslapd-idlistscanlimit
I've been experimenting with various levels of logging to try to
understand what might be preventing all of the records being returned,
and have the following currently configured:
nsslapd-accesslog-level: 514
nsslapd-errorlog-level: 114688
nsslapd-plugin-logging: on
nsslapd-securitylog-level: 256
nsslapd-statlog-level: 0
I have yet to tweak any OS or application settings in regards to cache
or anything else that might be warranted considering the number of
ldap entries I expect to serve, so I expect there's work to be done in
that regard. However I've yet to find any debug log to point me in
the direction of figuring out why memberOf is only providing a partial
list of all matching entries.
Any advice on what log levels I might consider or what config
attributes I should focus on to see about addressing my issue?
Thank you,
Bob
My test platform:
% grep SUSE /etc/*release
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP6"
% rpm -q 389-ds
389-ds-2.2.10~git146.78a60e3ac-150600.8.23.1.x86_64
--
Identity Management Development Team
--
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
