Thanks for the clarification.
On Fri, Dec 13, 2013 at 3:15 PM, Dieter Klünter <[email protected]> wrote: > Am Fri, 13 Dec 2013 13:09:07 -0600 > schrieb Jason Brandt <[email protected]>: > > > My pleasure. That command should work for any changes you need to > > make to the base config, acl's, indexes, etc. > > No! That depends on the linux distribution. In order to modify the > config database one has to be authenticated as rootdn cn=config. > Some distributions, but not all, have an entry: > > olcAuthzRegexp: > "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth" > "cn=config" > > This rule allows a connection as root via ldapi to be authenticated as > cn=config. > > -Dieter > > > > > > On Fri, Dec 13, 2013 at 1:03 PM, Clint Petty > > <[email protected]>wrote: > > > > > Hi Jason, > > > > > > > > > > > > Yes, that worked for me. > > > > > > > > > > > > Thanks > > > > > > > > > > > > *From:* Jason Brandt [mailto:[email protected]] > > > *Sent:* Friday, December 13, 2013 10:13 AM > > > *To:* Clint Petty > > > *Cc:* Howard Chu; [email protected] > > > *Subject:* Re: ldapsearch limit of 500 entries > > > > > > > > > > > > What command syntax did you use for trying to modify cn=config? > > > > > > > > > > > > You should use EXTERNAL sasl auth when trying to modify base > > > config, with a command such as this: > > > > > > > > > > > > ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f changefile.ldif > > > > > > > > > > > > Then your ldif file, with the value you chose, would be: > > > > > > > > > > > > dn: cn=config > > > changetype: modify > > > replace: olcSizeLimit > > > olcSizeLimit: -1 > > > > > > > > > > > > That should work, it's what I use for making any changes to > > > cn=config. > > > > > > > > > > > > On Fri, Dec 13, 2013 at 12:00 PM, Clint Petty > > > <[email protected]> wrote: > > > > > > I know you are suppose to make changes through the command line, > > > when using cn=config. I tried changing it through ldapmodify, > > > however wasn't able to get it to work. So changed it in the file > > > and it did work. We are transitioning away from cn=config, so this > > > is just a short term solution. > > > > > > > > > -----Original Message----- > > > From: Howard Chu [mailto:[email protected]] > > > Sent: Thursday, December 12, 2013 7:15 PM > > > To: Clint Petty; Jason Brandt > > > Cc: [email protected] > > > Subject: Re: ldapsearch limit of 500 entries > > > > > > Clint Petty wrote: > > > > Thanks Jason, > > > > > > > > I resolved this issue by adding: > > > > > > > > olcSizeLimit: -1 > > > > > > > > to the etc/ldap/slapd.d/cn=config.ldif file. > > > > > > You are not supposed to manually edit the config database files. > > > You should have fed your change in to the running slapd using > > > ldapmodify. > > > > > > cn=config is a slapd database. It will very likely migrate to an > > > LMDB backend > > > in the future. Don't get the notion of manually editing it into > > > your head, because it won't be possible. > > > > > > > and then restarting slapd. > > > > > > There is no need to restart slapd to make configuration changes, if > > > you do them correctly - i.e., using ldapmodify. > > > > > > > Now works! > > > > > > > > *From:*Jason Brandt [mailto:[email protected]] > > > > *Sent:* Thursday, December 12, 2013 11:25 AM > > > > *To:* Clint Petty > > > > *Cc:* [email protected] > > > > *Subject:* Re: ldapsearch limit of 500 entries > > > > > > > > Note that this will replace any existing limits you have set. > > > > > > > > On Thu, Dec 12, 2013 at 1:24 PM, Jason Brandt < > > > [email protected] > > > > <mailto:[email protected]>> wrote: > > > > > > > > Global size limit modification ldif file (using cn=config): > > > > > > > > dn: cn=config > > > > > > > > changetype: modify > > > > > > > > replace: olcSizeLimit > > > > > > > > olcSizeLimit: size.soft=100 size.hard=500 > > > > > > > > Per user size limit changes: > > > > > > > > dn: olcDatabase={1}hdb,cn=config > > > > > > > > changetype: modify > > > > > > > > replace: olcLimits > > > > > > > > olcLimits: dn.exact="uid=user,ou=people,dc=example,dc=com" > > > > size=unlimited > > > > > > > > On Thu, Dec 12, 2013 at 1:16 PM, Clint Petty > > > > <[email protected] <mailto:[email protected]>> wrote: > > > > > > > > My ldapsearch command is only returning a max of 500 entries, > > > > while I > > > know I > > > > have over 9,000 entries in the database. If I do not have a > > > > slapd.conf > > > file, > > > > how can I increase the sizelimit, to display all my entries? > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > Jason K. Brandt > > > > > > > > Systems Administrator > > > > > > > > Bradley University > > > > (309) 677-2958 <tel:%28309%29%20677-2958> > > > > > > > > > > > > > > > > -- > > > > > > > > Jason K. Brandt > > > > > > > > Systems Administrator > > > > > > > > Bradley University > > > > (309) 677-2958 > > > > > > > > > > > > > -- > > > -- Howard Chu > > > CTO, Symas Corp. http://www.symas.com > > > Director, Highland Sun http://highlandsun.com/hyc/ > > > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > > > > > > > > > > > > > > -- > > > > > > Jason K. Brandt > > > > > > Systems Administrator > > > > > > Bradley University > > > (309) 677-2958 > > > > > > > > > > > > > -- > Dieter Klünter | Systemberatung > http://dkluenter.de > GPG Key ID:DA147B05 > 53°37'09,95"N > 10°08'02,42"E > > -- Jason K. Brandt Systems Administrator Bradley University (309) 677-2958
