On 09/24/2012 09:49 PM, Steven Jones wrote:
Hi,
Im confused here, has no one tried to winsync 2000+ users before?
You are the first one to run into this problem.
Are there any docs on working around this limit?
In AD?
Ive up'd the user to 20000
How? What exactly did you do?
but that seems to have had no effect....my AD ppl dont know of any other way to
increase that at present.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Tuesday, 25 September 2012 3:17 p.m.
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] winsync agreement wipes IPA users
Hi,
I am trying to run this and getting search exceeded.
ldapsearch -xLLL -D<winsync_binddn> -w<passwd> -h<AD_host> -s sub -b
OU=VUW_Staff,DC=staff,DC=vuw,DC=ac,DC=nz "cn=*" dn> ad.dns.txt
Looks like I have 5900 AD users buy only 4300 are transferred to IPA...they
also lose their IPA groups which is a bit of a bummer.
:(
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Rich Megginson [rmegg...@redhat.com]
Sent: Saturday, 22 September 2012 3:46 a.m.
To: d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] winsync agreement wipes IPA users
On 09/21/2012 09:18 AM, Dmitri Pal wrote:
On 09/21/2012 11:07 AM, Rich Megginson wrote:
On 09/21/2012 09:04 AM, Dmitri Pal wrote:
On 09/21/2012 09:23 AM, Rich Megginson wrote:
On 09/21/2012 05:21 AM, Martin Kosek wrote:
When using bare ldapsearch, you are hitting 389-ds limits - in your
case
nsslapd-sizelimit. This can be increased either globally or (this
seems as a
more secure solution) for a user you bind as:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
Steven, are you saying that winsync only pulled over 2000 out of 5700
users from AD into IPA? If so, then that's a limit on the winsync user
that must be increased in AD.
Rich, it seems that it might make sense to file an RFE for the winsync
to support paging control.
AD supports the paging control? And this allows you to get around the
search limit?
http://msdn.microsoft.com/en-us/library/windows/desktop/aa367011%28v=vs.85%29.aspx
The default usually 2K BTW.
https://fedorahosted.org/389/ticket/472
Martin
On 09/21/2012 04:43 AM, Steven Jones wrote:
Hi,
It seems IPA has some sort of limit of searching it will only show
the first 2k
of user entries?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
-------------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Friday, 21 September 2012 11:38 a.m.
*To:* Steven Jones
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
On 09/20/2012 03:52 PM, Steven Jones wrote:
Hi,
I have imported users, but there are 5700 of them but I only have
2000 which
corresponds to the view that AD gives you by default. This makes
me think
that that limit is all the AD is allowing the query to see?
You can use
https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
what winsync sees when it searches.
Is there a way to expand it?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
-------------------------------------------------------------------------------
*From:* freeipa-users-boun...@redhat.com
[freeipa-users-boun...@redhat.com]
on behalf of Steven Jones [steven.jo...@vuw.ac.nz]
*Sent:* Friday, 21 September 2012 8:44 a.m.
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
I have hundreds of disable users in IPA now transferred from AD, is
there a
quick/clean way to purge them from IPA?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users