Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
Hi Alexander, On Thu, Jul 20, 2006 at 10:47:50AM +1000, Alexander Samad wrote: This is what i have just tried --slapd.conf -- sizelimit 1000 limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 [EMAIL PROTECTED]:~/documents/Contacts$ ldapsearch -v -x -D cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au -w x -b ou=Global Address Book,dc=samad,dc=com,dc=au dn | tail Same thing works fine here, slapd 2.3.24-2. I have no spaces in the DN however. --slapd.conf -- limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 Hmm, just for reference, I have the sizelimit command before any backend definitions and the limits clause inside the backend definitions. Everything seems to work fine... Greetings Torsten signature.asc Description: Digital signature
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
On Sun, Jul 23, 2006 at 07:25:26PM +0200, Torsten Landschoff wrote: Hi Alexander, On Thu, Jul 20, 2006 at 10:47:50AM +1000, Alexander Samad wrote: This is what i have just tried --slapd.conf -- sizelimit 1000 limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 [EMAIL PROTECTED]:~/documents/Contacts$ ldapsearch -v -x -D cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au -w x -b ou=Global Address Book,dc=samad,dc=com,dc=au dn | tail Same thing works fine here, slapd 2.3.24-2. I have no spaces in the DN however. --slapd.conf -- limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 Hmm, just for reference, I have the sizelimit command before any backend definitions and the limits clause inside the backend definitions. Everything seems to work fine... Yeah this was my problem, I have the limits and sizelimits before the backend definition 8( Greetings Torsten signature.asc Description: Digital signature
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
--On Thursday, July 20, 2006 10:47 AM +1000 Alexander Samad [EMAIL PROTECTED] wrote: On Wed, Jul 19, 2006 at 03:36:43PM -0700, Quanah Gibson-Mount wrote: This bug can be closed, Alexander found that he put the limits line in the wrong location in slapd.conf. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#378832: limits directive is not working in slapd.conf
Package: slapd Version: 2.3.24-1 Severity: important Hi I have tried using limits users size=1000 but when I try to ldapsearch I get an error 4 size limit. when I change it to sizelimit 1000 and retry the ldapsearch it works. I don't want to open up the limits to every on Thank Alex -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (250, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.16-1-amd64-k8-smp Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages slapd depends on: ii coreutils [fileutils] 5.96-3 The GNU core utilities ii debconf [debconf-2.0] 1.5.2Debian configuration management sy ii libc6 2.3.6-15 GNU C Library: Shared libraries ii libdb4.24.2.52-23.1 Berkeley v4.2 Database Libraries [ ii libiodbc2 3.52.4-3 iODBC Driver Manager ii libldap-2.3-0 2.3.24-1 OpenLDAP libraries ii libltdl31.5.22-4 A system independent dlopen wrappe ii libperl5.8 5.8.8-4 Shared Perl library ii libsasl22.1.19.dfsg1-0.2 Authentication abstraction library ii libslp1 1.2.1-5 OpenSLP libraries ii libssl0.9.8 0.9.8b-2 SSL shared libraries ii libwrap07.6.dbs-9Wietse Venema's TCP wrappers libra ii perl [libmime-base64-pe 5.8.8-4 Larry Wall's Practical Extraction ii psmisc 22.2-1 Utilities that use the proc filesy Versions of packages slapd recommends: ii db4.2-util 4.2.52-23.1 Berkeley v4.2 Database Utilities ii libsasl2-modules2.1.19.dfsg1-0.2 Pluggable Authentication Modules f -- debconf information: slapd/fix_directory: true * shared/organization: a samad slapd/upgrade_slapcat_failure: slapd/backend: BDB * slapd/allow_ldap_v2: false slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/slave_databases_require_updateref: slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/autoconf_modules: true * slapd/domain: samad.com.au slapd/password_mismatch: slapd/invalid_config: true slapd/upgrade_slapadd_failure: slapd/dump_database: when needed slapd/migrate_ldbm_to_bdb: false slapd/purge_database: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
--On Wednesday, July 19, 2006 6:25 PM +1000 Alexander Samad [EMAIL PROTECTED] wrote: Package: slapd Version: 2.3.24-1 Severity: important Hi I have tried using limits users size=1000 but when I try to ldapsearch I get an error 4 size limit. when I change it to sizelimit 1000 and retry the ldapsearch it works. I don't want to open up the limits to every on I would suggest sending OpenLDAP usage questions to [EMAIL PROTECTED] I will note that the limits command works just fine for me in the areas I use it, for example: # Let the ispace prinicpal have a search of 5000 entries limits dn.exact=cn=abcd,cn=Service,cn=Applications,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanah Gibson-Mount wrote: Package: slapd Version: 2.3.24-1 Severity: important Hi I have tried using limits users size=1000 but when I try to ldapsearch I get an error 4 size limit. when I change it to sizelimit 1000 and retry the ldapsearch it works. I don't want to open up the limits to every on I've tested this and I can confirm that it doesn't work for me too. Where did you place the limits directive in the configuration ? I would suggest sending OpenLDAP usage questions to [EMAIL PROTECTED] I will note that the limits command works just fine for me in the areas I use it, for example: # Let the ispace prinicpal have a search of 5000 entries limits dn.exact=cn=abcd,cn=Service,cn=Applications,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 I've tried this example on a freshly install of slapd but I still can't get that to work. Do you have some pointers to get some more information about the parameter. I tried this: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits dn.exact=cn=test,dc=cacholong,dc=nl time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 Running slapd -d 64 shows that the configuration file is ok. And that the directive is allowed there. But neither of these example work for me... probably I have a stupid thingie in the configuration file but I couldn't find it. Attached my slapd.conf. --Quanah Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEvoSg2n1ROIkXqbARAk0HAJ4uJFnFwB+Z7k8bM77ZHdpFNLmPoQCfZbwY 1A4IWY6R2e4OfDR5pBDYiuo= =40Jp -END PGP SIGNATURE- # This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ### # Global Directives: # Features to permit #allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile/var/run/slapd.args # Read slapd.conf(5) for possible values loglevel0 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 # Limits limits dn.exact=cn=test,dc=cacholong,dc=nl time.hard=unlimited time.soft=unlimited size.hard=1 size.soft=1 ### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend bdb checkpoint 512 30 ### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backendother ### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs databasebdb # The base of your directory in database #1 suffix dc=cacholong,dc=nl # Where the database file are physically stored for database #1 directory /var/lib/ldap # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on # Where to store the replica logs for database #1 # replogfile/var/lib/ldap/replog # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
On Wed, Jul 19, 2006 at 09:14:41PM +0200, Matthijs Mohlmann wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanah Gibson-Mount wrote: Package: slapd Version: 2.3.24-1 Severity: important Hi I have tried using limits users size=1000 but when I try to ldapsearch I get an error 4 size limit. when I change it to sizelimit 1000 and retry the ldapsearch it works. I don't want to open up the limits to every on I've tested this and I can confirm that it doesn't work for me too. Where did you place the limits directive in the configuration ? I placed it just after the schema includes. I also tried it in a backend definition but that failed I would suggest sending OpenLDAP usage questions to [EMAIL PROTECTED] I will note that the limits command works just fine for me in the areas I use it, for example: # Let the ispace prinicpal have a search of 5000 entries limits dn.exact=cn=abcd,cn=Service,cn=Applications,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 I initially tried it with a dn.exact as well, but just specifying size=1000 and different derivations, but none of them worked I've tried this example on a freshly install of slapd but I still can't get that to work. Do you have some pointers to get some more information about the parameter. I tried this: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits dn.exact=cn=test,dc=cacholong,dc=nl time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 Running slapd -d 64 shows that the configuration file is ok. And that the directive is allowed there. I am using slapd 2.3.24-1 But neither of these example work for me... probably I have a stupid thingie in the configuration file but I couldn't find it. Attached my slapd.conf. --Quanah Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEvoSg2n1ROIkXqbARAk0HAJ4uJFnFwB+Z7k8bM77ZHdpFNLmPoQCfZbwY 1A4IWY6R2e4OfDR5pBDYiuo= =40Jp -END PGP SIGNATURE- # This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ### # Global Directives: # Features to permit #allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile/var/run/slapd.args # Read slapd.conf(5) for possible values loglevel0 # Where the dynamically loaded modules are stored modulepath/usr/lib/ldap moduleloadback_bdb # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 # Limits limits dn.exact=cn=test,dc=cacholong,dc=nl time.hard=unlimited time.soft=unlimited size.hard=1 size.soft=1 ### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend bdb checkpoint 512 30 ### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend other ### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs databasebdb # The base of your directory in database #1 suffix dc=cacholong,dc=nl # Where the database file are physically stored for database #1 directory /var/lib/ldap # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
--On Wednesday, July 19, 2006 9:14 PM +0200 Matthijs Mohlmann [EMAIL PROTECTED] wrote: I've tried this example on a freshly install of slapd but I still can't get that to work. Do you have some pointers to get some more information about the parameter. I tried this: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits dn.exact=cn=test,dc=cacholong,dc=nl time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 Okay, I just tried: limits dn.exact=uid=cadabra,cn=accounts,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 where cadabra is a test account of mine, and I hit the sizelimit restriction immediately: # search result search: 5 result: 4 Size limit exceeded # numResponses: 11 # numEntries: 10 So it stopped after returning 10 entries, just like it should. I then changed the line to: limits users time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 restarted slapd, and again, hit the same limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 11 # numEntries: 10 So again, the line worked. Then, I tried: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 stopped slapd, restarted, and again, I hit the correct limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 2 # numEntries: 1 Then, I tried: limits users time.soft=unlimited time.hard=unlimited size=1 restarted slapd, and again I hit the correct limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 2 # numEntries: 1 So using OpenLDAP 2.3.24 (not from debian, however), it all works correctly for me. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
On Wed, Jul 19, 2006 at 03:36:43PM -0700, Quanah Gibson-Mount wrote: --On Wednesday, July 19, 2006 9:14 PM +0200 Matthijs Mohlmann [EMAIL PROTECTED] wrote: I've tried this example on a freshly install of slapd but I still can't get that to work. Do you have some pointers to get some more information about the parameter. I tried this: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits dn.exact=cn=test,dc=cacholong,dc=nl time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 Okay, I just tried: limits dn.exact=uid=cadabra,cn=accounts,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 This is what i have just tried --slapd.conf -- sizelimit 1000 limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 [EMAIL PROTECTED]:~/documents/Contacts$ ldapsearch -v -x -D cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au -w x -b ou=Global Address Book,dc=samad,dc=com,dc=au dn | tail ldap_initialize( DEFAULT ) filter: (objectclass=*) requesting: dn # search result search: 2 result: 0 Success # numResponses: 690 # numEntries: 689 and this --slapd.conf -- limits dn.exact=cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 [EMAIL PROTECTED]:~/documents/Contacts$ ldapsearch -v -x -D cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au -w x -b ou=Global Address Book,dc=samad,dc=com,dc=au dn | tail ldap_initialize( DEFAULT ) filter: (objectclass=*) requesting: dn # search result search: 2 result: 4 Size limit exceeded where cadabra is a test account of mine, and I hit the sizelimit restriction immediately: # search result search: 5 result: 4 Size limit exceeded # numResponses: 11 # numEntries: 10 So it stopped after returning 10 entries, just like it should. I then changed the line to: limits users time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10 restarted slapd, and again, hit the same limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 11 # numEntries: 10 So again, the line worked. Then, I tried: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 stopped slapd, restarted, and again, I hit the correct limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 2 # numEntries: 1 Then, I tried: limits users time.soft=unlimited time.hard=unlimited size=1 restarted slapd, and again I hit the correct limit: # search result search: 5 result: 4 Size limit exceeded # numResponses: 2 # numEntries: 1 So using OpenLDAP 2.3.24 (not from debian, however), it all works correctly for me. Do debian patch before packaging ? --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html signature.asc Description: Digital signature