Re: [Samba] LDAP search failed: Size limit exceeded
On 9/15/2005 12:49 PM, Michael Christian wrote: > Hi list. I've decided to try and tackle this one piece at a time. > > Does anyone know why I would get the following error: > [EMAIL PROTECTED] ~]# net groupmap list > [2005/09/15 12:44:08, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2458) > ldapsam_setsamgrent: LDAP search failed: Size limit exceeded > [2005/09/15 12:44:08, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2523) > ldapsam_enum_group_mapping: Unable to open passdb > > I seem to have some size related issue concerning Groups... I don't know what the problem is but I can give some pointers. Queries that return ~everything can overwhelm participants, so LDAP has the ability to limit the amount of data returned, either with "paged" answer sets, or size limits, or both. "Size limit exceeded" is a typical LDAP error when the size limit has been exceeded. I'm pretty sure that Samba's LDAP interface understands paged results (my server is down for maintenance right now or I'd check), but maybe your LDAP server doesn't. Are you using a fairly recent OpenLDAP RPM package or something else? Actually my guess/assumption is that your queries are poorly formed and poorly rooted, and as a result your searches are matching everything in the directory. Make sure you set the proper suffixes in smb.conf so that searches are constrained to the correct search base. Weren't you reporting similar problems with PAM? Frankly I'd start there if I were you, since it seems to be a problem with all of your LDAP searches everywhere. Find the support list for your server and start with them is best advice I can give. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP search failed: Size limit exceeded
Hi list. I've decided to try and tackle this one piece at a time. Does anyone know why I would get the following error: [EMAIL PROTECTED] ~]# net groupmap list [2005/09/15 12:44:08, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2458) ldapsam_setsamgrent: LDAP search failed: Size limit exceeded [2005/09/15 12:44:08, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2523) ldapsam_enum_group_mapping: Unable to open passdb I seem to have some size related issue concerning Groups... -- Michael S. Christian Jr. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP search failed: Size limit exceeded
Well this has now started to work Possibly it was just a matter of setting the sizelimit in /etc/ldap.conf and waiting for the system to "catch up"??? I have only changed three things: slapd.conf -> limits dn="cn=Manager,dc=cc,dc=mala,dc=bc,dc=ca" size.soft=-1 size.hard=soft /etc/openldap/ldap.conf -> sizelimit 1 /etc/ldap.conf -> sizelimit 1 Confusingly yours:-) On Thu, 2004-09-02 at 11:02, Jerome Alet wrote: > On Thu, Sep 02, 2004 at 08:00:54PM +0200, jerome wrote: > > > > what about this one in slapd.conf : > > > > limits dn="admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > sorry, it was instead : > > limits dn="cn=admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > stupid manual copy & paste :-) > > Jerome Alet -- George Farris [EMAIL PROTECTED] Malaspina University-College - Cowichan Campus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP search failed: Size limit exceeded
On Thu, 2004-09-02 at 11:02, Jerome Alet wrote: > On Thu, Sep 02, 2004 at 08:00:54PM +0200, jerome wrote: > > > > what about this one in slapd.conf : > > > > limits dn="admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > sorry, it was instead : > > limits dn="cn=admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > stupid manual copy & paste :-) > > Jerome Alet Right, well, "pdbedit -L" failed with a size limit, ldapsearch also failed with a size limit. I have increased the sizelimt in both /etc/ldap.conf and /etc/openldap/ldap.conf to 1 and both these commands now function. However, the smbldap tools which I believe is responsible for returning a list of groups or users to the workstation spits out an error of "size limit exceeded". Does anyone know how to increase this or is this still a samba problem. I would think the win2k workstation is asking samba for a list of groups (or users) and samba passes this off to the smbldap tools which fail. Does that make sense? -- George Farris [EMAIL PROTECTED] Malaspina University-College - Cowichan Campus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP search failed: Size limit exceeded
On Thu, 2004-09-02 at 11:02, Jerome Alet wrote: > On Thu, Sep 02, 2004 at 08:00:54PM +0200, jerome wrote: > > > > what about this one in slapd.conf : > > > > limits dn="admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > sorry, it was instead : > > limits dn="cn=admin,dc=example,dc=com" size.soft=-1 size.hard=soft > > stupid manual copy & paste :-) > > Jerome Alet Right I assume you mean the rootdn in /etc/openldap/slapd.conf I have set it to: limits dn="cn=Manager,dc=cc,dc=mala,dc=bc,dc=ca" size.soft=-1 size.hard=soft and just above it is a sizelimit -1 statement. Restart the ldap server and smb just in case. Login to win2k as administrator, look at properties of Power User group, try to add a group to it, browsing I can see the domain but when I click on the domain I get a meesage that there are no objects and in the /var/log/samba/log.workstation file I see: [2004/09/02 11:38:55, 0] lib/smbldap.c:smbldap_search_suffix(1101) smbldap_search_suffix: Problem during the LDAP search: (Size limit exceeded) [2004/09/02 11:38:55, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1173) ldapsam_setsampwent: LDAP search failed: Size limit exceeded [2004/09/02 11:38:55, 0] rpc_server/srv_samr_nt.c:load_sampwd_entries(232) load_sampwd_entries: Unable to open passdb. [2004/09/02 11:38:55, 0] lib/smbldap.c:smbldap_search_suffix(1101) smbldap_search_suffix: Problem during the LDAP search: (Size limit exceeded) [2004/09/02 11:38:55, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1173) ldapsam_setsampwent: LDAP search failed: Size limit exceeded [2004/09/02 11:38:55, 0] rpc_server/srv_samr_nt.c:load_sampwd_entries(232) load_sampwd_entries: Unable to open passdb. [2004/09/02 11:38:55, 0] lib/smbldap.c:smbldap_search_suffix(1101) smbldap_search_suffix: Problem during the LDAP search: (Size limit exceeded) [2004/09/02 11:38:55, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1173) ldapsam_setsampwent: LDAP search failed: Size limit exceeded [2004/09/02 11:38:55, 0] rpc_server/srv_samr_nt.c:load_sampwd_entries(232) load_sampwd_entries: Unable to open passdb. The only indexes and access rights I have in slapd.conf right now are: index cn,sn,uid,displayName pres,sub,eq index uidNumber,gidNumber eq index sambaSIDeq index sambaPrimaryGroupSIDeq index sambaDomainName eq index objectClass pres,eq # old 2.x samba attrs #index rid,primaryGroupID eq # index default sub ## posixGroup entries in the directory as well # index memberUid eq # This directive allows the user to modify their entry, # allows anonymous to authentication against these entries, # and allows all others to read these entries. The anonymous # users are granted auth, not read access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange by self write by anonymous auth by dn.base="cn=Manager,dc=cc,dc=mala,dc=bc,dc=ca" write by * none access to * by self write by dn.base="cn=Manager,dc=cc,dc=mala,dc=bc,dc=ca" write by * read BTW this is samba-3.0.6-2 on Fedora Core 2 openldap-2.1.29-1 Do I have the wrong limit line? -- George Farris [EMAIL PROTECTED] Malaspina University-College - Cowichan Campus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP search failed: Size limit exceeded
On Thu, Sep 02, 2004 at 08:00:54PM +0200, jerome wrote: > > what about this one in slapd.conf : > > limits dn="admin,dc=example,dc=com" size.soft=-1 size.hard=soft sorry, it was instead : limits dn="cn=admin,dc=example,dc=com" size.soft=-1 size.hard=soft stupid manual copy & paste :-) Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP search failed: Size limit exceeded
Hi, On Thu, Sep 02, 2004 at 10:40:30AM -0700, George Farris wrote: > When trying to browser users or groups on the server I see these > messages in the log file. > > [2004/09/02 10:40:15, 0] lib/smbldap.c:smbldap_search_suffix(1101) > smbldap_search_suffix: Problem during the LDAP search: (Size limit > exceeded) > [2004/09/02 10:40:15, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1173) > ldapsam_setsampwent: LDAP search failed: Size limit exceeded > > We are unable to browse users or groups which is a show stopper!!! > > I have added the line "sizelimit -1" in slapd.conf and restarted the > ldap server but it doesn't seem to help. what about this one in slapd.conf : limits dn="admin,dc=example,dc=com" size.soft=-1 size.hard=soft set the dn value to the dn used to do the LDAP search hoping this helps Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP search failed: Size limit exceeded
When trying to browser users or groups on the server I see these messages in the log file. [2004/09/02 10:40:15, 0] lib/smbldap.c:smbldap_search_suffix(1101) smbldap_search_suffix: Problem during the LDAP search: (Size limit exceeded) [2004/09/02 10:40:15, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1173) ldapsam_setsampwent: LDAP search failed: Size limit exceeded We are unable to browse users or groups which is a show stopper!!! I have added the line "sizelimit -1" in slapd.conf and restarted the ldap server but it doesn't seem to help. I'm kind of desperate here guys:-) Can anyone shed some light on why this happens? -- George Farris [EMAIL PROTECTED] Malaspina University-College - Cowichan Campus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba