[tech] LDAP size limits exceeded
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Jul 28 22:43:54 WST 2014
Tonight, [ASH] was trying to add a new user. The membername.ucc.asn.au
alias wasn't being created correctly, and it turned out this was because
the "list all users" operation in Zonemake (analogous to `getent passwd`)
was hitting the maximum number of answers to a query in the LDAP server
(1000).
I've bumped up the maximum size to 1500 (olcSizeLimit: 1500), but perhaps
we could consider:
a) retiring some old usernames. `getent passwd | grep locked2004` might be
a good place to start; 10 years to reactivate should be enough.
b) enabling paged queries (setting `pagesize 500` or so in nslcd.conf on
all our clients, and setting `olcSizeLimit: 1500 size.prtotal=unlimited`
or similar).
c) removing size limits on the server altogether; I don't think we're ever
going to have enough entries to seriously cause performance degradation.
David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au
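
An added example, not part of the original post: a POSIX shell check that reads the default-format output of an unpaged `ldapsearch` (without `-LLL`, so the result trailer is present) and reports when the server cut the answer off at its size limit, which is the failure described above. The function name, the sample entries and the 90% warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# check_ldap_result LIMIT  (hypothetical helper; reads ldapsearch output on stdin)
#   truncated N  - server returned result code 4 (sizeLimitExceeded); list is partial
#   near-limit N - complete, but N is within 10% of LIMIT (assumed threshold)
#   ok N         - complete and comfortably under LIMIT
#   unknown N    - no "result:" trailer seen (e.g. output produced with -LLL)
check_ldap_result() {
    awk -v limit="$1" '
        /^dn: /     { n++ }          # count entries actually returned
        /^result: / { code = $2 }    # LDAP result code from the trailer
        END {
            n += 0
            if (code == "")               print "unknown " n
            else if (code == 4)           print "truncated " n
            else if (n * 10 >= limit * 9) print "near-limit " n
            else                          print "ok " n
        }'
}

# Constructed sample entries (not real directory data).
sample_entries() {
    printf '%s\n' \
        '# alice, People, example.invalid' \
        'dn: uid=alice,ou=People,dc=example,dc=invalid' \
        'uid: alice' \
        '' \
        '# bob, People, example.invalid' \
        'dn: uid=bob,ou=People,dc=example,dc=invalid' \
        'uid: bob' \
        ''
}

# Constructed trailers: a search stopped by the size limit, and a complete one.
sample_truncated() {
    sample_entries
    printf '%s\n' '# search result' 'search: 2' \
        'result: 4 Size limit exceeded' '' '# numEntries: 2'
}
sample_complete() {
    sample_entries
    printf '%s\n' '# search result' 'search: 2' \
        'result: 0 Success' '' '# numEntries: 2'
}
```

Run against a live directory by piping an unpaged `ldapsearch` of the user subtree into `check_ldap_result 1500`; a `truncated` result means anything built from that list is working from a partial set of accounts.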