On Wed, Dec 24, 2025 at 10:39 AM Mark Reynolds <[email protected]> wrote: > > Hey Bob, > > What you want is probably pointer COS: > > https://docs.redhat.com/en/documentation/red_hat_directory_server/11/html-single/administration_guide/index#About_CoS-How_a_Pointer_CoS_Works > > The issue with this is it works for all entries under a subtree. There > is no filtering. So you can apply it to all users under > ou=people,dc=example,dc=com by creating the COS definition entry > directly under that branch. > > Not sure if this will work for you, but it's all we got at the moment.
Thank you. I managed to get this to work once I realized that the nsSizeLimit and nsLookThroughLimit cosAttribute entries had to include operational in the cosPointerDefinition: cosAttribute: nsSizeLimit operational cosAttribute: nsLookThroughLimit operational I am now running into "Time limit exceeded (3)" when running a query that takes over 30 seconds. I was hoping adding nstimelimit: -1 to the COS template would overcome this limitation, but I have yet to get it to work. I've tried adjusting a variety of cn=config limit and time(out) attributes but to no avail. Can anyone please point me to whatever attribute needs adjusting? BTW, my queries are GSSAPI over TLS which is arguably unnecessary since GSSAPI will encrypt the comms. I mention this in case something like nssslsessiontimeout is responsible for the timeout. Thanks, Bob -- _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
