On Wed, Jul 19, 2006 at 09:14:41PM +0200, Matthijs Mohlmann wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Quanah Gibson-Mount wrote: > >> Package: slapd > >> Version: 2.3.24-1 > >> Severity: important > >> > >> Hi > >> > >> I have tried using > >> > >> limits users size=1000 > >> > >> but when I try to ldapsearch I get an error 4 size limit. > >> > >> when I change it to > >> > >> sizelimit 1000 > >> > >> and retry the ldapsearch it works. I don't want to open up the limits > >> to every on > >> > > > I've tested this and I can confirm that it doesn't work for me too. > Where did you place the limits directive in the configuration ? I placed it just after the schema includes. I also tried it in a backend definition but that failed
> > > I would suggest sending OpenLDAP usage questions to > > [EMAIL PROTECTED] > > > > I will note that the limits command works just fine for me in the areas > > I use it, for example: > > > > # Let the ispace prinicpal have a search of 5000 entries > > limits dn.exact="cn=abcd,cn=Service,cn=Applications,dc=stanford,dc=edu" > > time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 I initially tried it with a dn.exact as well, but just specifying size=1000 and different derivations, but none of them worked > > > I've tried this example on a freshly install of slapd but I still can't > get that to work. Do you have some pointers to get some more information > about the parameter. > > I tried this: > limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 > limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 > size.hard=1 > limits dn.exact="cn=test,dc=cacholong,dc=nl" time.soft=unlimited > time.hard=unlimited size.soft=1 size.hard=1 > > Running slapd -d 64 shows that the configuration file is ok. And that > the directive is allowed there. I am using slapd 2.3.24-1 > > But neither of these example work for me... probably I have a stupid > thingie in the configuration file but I couldn't find it. Attached my > slapd.conf. > > > > --Quanah > > Regards, > > Matthijs Mohlmann > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEvoSg2n1ROIkXqbARAk0HAJ4uJFnFwB+Z7k8bM77ZHdpFNLmPoQCfZbwY > 1A4IWY6R2e4OfDR5pBDYiuo= > =40Jp > -----END PGP SIGNATURE----- > # This is the main slapd configuration file. See slapd.conf(5) for more > # info on the configuration options. > > ####################################################################### > # Global Directives: > > # Features to permit > #allow bind_v2 > > # Schema and objectClass definitions > include /etc/ldap/schema/core.schema > include /etc/ldap/schema/cosine.schema > include /etc/ldap/schema/nis.schema > include /etc/ldap/schema/inetorgperson.schema > > # Schema check allows for forcing entries to > # match schemas for their objectClasses's > schemacheck on > > # Where the pid file is put. The init.d script > # will not stop the server if you change this. > pidfile /var/run/slapd/slapd.pid > > # List of arguments that were passed to the server > argsfile /var/run/slapd.args > > # Read slapd.conf(5) for possible values > loglevel 0 > > # Where the dynamically loaded modules are stored > modulepath /usr/lib/ldap > moduleload back_bdb > > # The maximum number of entries that is returned for a search operation > sizelimit 500 > > # The tool-threads parameter sets the actual amount of cpu's that is used > # for indexing. > tool-threads 1 > > # Limits > limits dn.exact="cn=test,dc=cacholong,dc=nl" time.hard=unlimited > time.soft=unlimited size.hard=1 size.soft=1 > > ####################################################################### > # Specific Backend Directives for bdb: > # Backend specific directives apply to this backend until another > # 'backend' directive occurs > backend bdb > checkpoint 512 30 > > ####################################################################### > # Specific Backend Directives for 'other': > # Backend specific directives apply to this backend until another > # 'backend' directive occurs > #backend <other> > > ####################################################################### > # Specific Directives for database #1, of type bdb: > # Database specific directives apply to this databasse until another > # 'database' directive occurs > database bdb > > # The base of your directory in database #1 > suffix "dc=cacholong,dc=nl" > > # Where the database file are physically stored for database #1 > directory "/var/lib/ldap" > > # For the Debian package we use 2MB as default but be sure to update this > # value if you have plenty of RAM > dbconfig set_cachesize 0 2097152 0 > > # Sven Hartge reported that he had to set this value incredibly high > # to get slapd running at all. See http://bugs.debian.org/303057 > # for more information. > > # Number of objects that can be locked at the same time. > dbconfig set_lk_max_objects 1500 > # Number of locks (both requested and granted) > dbconfig set_lk_max_locks 1500 > # Number of lockers > dbconfig set_lk_max_lockers 1500 > > # Indexing options for database #1 > index objectClass eq > > # Save the time that the entry gets modified, for database #1 > lastmod on > > # Where to store the replica logs for database #1 > # replogfile /var/lib/ldap/replog > > # The userPassword by default can be changed > # by the entry owning it if they are authenticated. > # Others should not be able to see it, except the > # admin entry below > # These access lines apply to database #1 only > access to attrs=userPassword > by dn="cn=admin,dc=cacholong,dc=nl" write > by anonymous auth > by self write > by * none > > # Ensure read access to the base for things like > # supportedSASLMechanisms. Without this you may > # have problems with SASL not knowing what > # mechanisms are available and the like. > # Note that this is covered by the 'access to *' > # ACL below too but if you change that as people > # are wont to do you'll still need this if you > # want SASL (and possible other things) to work > # happily. > access to dn.base="" by * read > > # The admin dn has full write access, everyone else > # can read everything. > access to * > by dn="cn=admin,dc=cacholong,dc=nl" write > by * read > > # For Netscape Roaming support, each user gets a roaming > # profile for which they have write access to > #access to dn=".*,ou=Roaming,o=morsnet" > # by dn="cn=admin,dc=cacholong,dc=nl" write > # by dnattr=owner write > > ####################################################################### > # Specific Directives for database #2, of type 'other' (can be bdb too): > # Database specific directives apply to this databasse until another > # 'database' directive occurs > #database <other> > > # The base of your directory for database #2 > #suffix "dc=debian,dc=org"
signature.asc
Description: Digital signature
