[tech] LDAP size limits exceeded
David Adam
zanchey at ucc.gu.uwa.edu.au
Fri Feb 20 14:45:16 AWST 2015
Bumped up again... need a proper fix.
On Mon, 28 Jul 2014, David Adam wrote:
> Tonight, [ASH] was trying to add a new user. The membername.ucc.asn.au
> alias wasn't being created correctly, and it turned out this was because
> the "list all users" operation in Zonemake (analagous to `getent passwd`)
> was hitting the maximum number of answers to a query in the LDAP server
> (1000).
>
> I've bumped up the maxium size to 1500 (olcSizeLimit: 1500), but perhaps
> we could consider:
>
> a) retiring some old usernames. `getent passwd | grep locked2004` might be
> a good place to start; 10 years to reactivate should be enough.
> b) enabling paged queries (setting `pagesize 500` or so in nslcd.conf on
> all our clients, and setting `olcSizeLimit: 1500 size.prtotal=unlimited`
> or similar
> c) removing size limits on the server altogether; I don't think we're ever
> going to have enough entries to seriously cause performance degradation.
>
> David Adam
> UCC Wheel Member
> zanchey at ucc.gu.uwa.edu.au
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/zanchey%40ucc.gu.uwa.edu.au
>
>
Cheers,
David Adam
zanchey at ucc.gu.uwa.edu.au
Ask Me About Our SLA!
More information about the tech
mailing list