Ranbir via FreeIPA-users wrote: > On Thu, 2025-09-11 at 11:16 +0200, Florence Blanc-Renaud via FreeIPA- > users wrote: >> Hi, >> >> all the ipa * calls use a search size limit and search time limit to >> avoid returning too many entries. In order to see those settings, you >> can do: >> # kinit admin >> # ipa config-show >> ... >> Search time limit: 2 >> Search size limit: 100 >> ... > > About 5 minutes after I sent the message, I of course figured out I was > likely hitting the search size limit. I've never changed it so I didn't > have any reason to check if it was still the default 100. I went > straight to writing an ldif file and updated it to 1000. The errors are > gone now. > > Thank you kindly for replying though! I don't know why problems are > solved right after mailing mail lists. What the heck is that all about?
I'd suggest you reduce this to a smaller value, say 200, and see how that goes. Every API command that does an LDAP search uses this value to restrict the amount of data returned. The value of 100 was chosen to discourage bad practices like in NIS doing things like ypcat passwd | grep someuser. A value too large could impact overall performance depending on the number of users using the WebUI and/or ipa command-line tools. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
