Re: [Freeipa-users] winsync agreement wipes IPA users

Rich Megginson Fri, 21 Sep 2012 06:26:26 -0700

On 09/21/2012 05:21 AM, Martin Kosek wrote:

When using bare ldapsearch, you are hitting 389-ds limits - in your case
nsslapd-sizelimit. This can be increased either globally or (this seems as a
more secure solution) for a user you bind as:


https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html

Steven, are you saying that winsync only pulled over 2000 out of 5700users from AD into IPA? If so, then that's a limit on the winsync userthat must be increased in AD.


Martin

On 09/21/2012 04:43 AM, Steven Jones wrote:

Hi,

It seems IPA has some sort of limit of searching it will only show the first 2k
of user entries?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

-------------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Friday, 21 September 2012 11:38 a.m.
*To:* Steven Jones
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users

On 09/20/2012 03:52 PM, Steven Jones wrote:

Hi,

I have imported users, but there are 5700 of them but I only have 2000 which
corresponds to the view that AD gives you by default.  This makes me think
that that limit is all the AD is allowing the query to see?

You can use https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
what winsync sees when it searches.

Is there a way to expand it?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

-------------------------------------------------------------------------------
*From:* freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]
on behalf of Steven Jones [steven.jo...@vuw.ac.nz]
*Sent:* Friday, 21 September 2012 8:44 a.m.
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users

I have hundreds of disable users in IPA now transferred from AD, is there a
quick/clean way to purge them from IPA?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] winsync agreement wipes IPA users

Reply via email to