Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not
working in slapd.conf
Alexander Samad
alex at samad.com.au
Thu Jul 20 00:47:50 UTC 2006
On Wed, Jul 19, 2006 at 03:36:43PM -0700, Quanah Gibson-Mount wrote:
>
>
> --On Wednesday, July 19, 2006 9:14 PM +0200 Matthijs Mohlmann
> <matthijs at cacholong.nl> wrote:
>
> >
> >I've tried this example on a freshly install of slapd but I still can't
> >get that to work. Do you have some pointers to get some more information
> >about the parameter.
> >
> >I tried this:
> >limits users time.soft=unlimited time.hard=unlimited size.soft=1
> >size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited
> >size.soft=1 size.hard=1
> >limits dn.exact="cn=test,dc=cacholong,dc=nl" time.soft=unlimited
> >time.hard=unlimited size.soft=1 size.hard=1
>
> Okay, I just tried:
>
> limits dn.exact="uid=cadabra,cn=accounts,dc=stanford,dc=edu"
> time.soft=unlimited time.hard=unlimited size.soft=10 size.hard=10
This is what i have just tried
--slapd.conf --
sizelimit 1000
limits dn.exact="cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au" time.soft=unlimited
time.hard=unlimited size.soft=10 size.hard=10
alex at hufpuf:~/documents/Contacts$ ldapsearch -v -x -D "cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au" -w xxxxx -b "ou=Global Address Book,dc=samad,dc=com,dc=au" dn | tail
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
requesting: dn
# search result
search: 2
result: 0 Success
# numResponses: 690
# numEntries: 689
and this
--slapd.conf --
limits dn.exact="cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au" time.soft=unlimited
time.hard=unlimited size.soft=10 size.hard=10
alex at hufpuf:~/documents/Contacts$ ldapsearch -v -x -D "cn=Global Address Book Admin,ou=Roles,dc=samad,dc=com,dc=au" -w xxxxx -b "ou=Global Address Book,dc=samad,dc=com,dc=au" dn | tail
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
requesting: dn
# search result
search: 2
result: 4 Size limit exceeded
>
> where "cadabra" is a test account of mine, and I hit the sizelimit
> restriction immediately:
>
> # search result
> search: 5
> result: 4 Size limit exceeded
>
> # numResponses: 11
> # numEntries: 10
>
> So it stopped after returning 10 entries, just like it should.
>
> I then changed the line to:
>
> limits users time.soft=unlimited time.hard=unlimited size.soft=10
> size.hard=10
>
> restarted slapd, and again, hit the same limit:
>
> # search result
> search: 5
> result: 4 Size limit exceeded
>
> # numResponses: 11
> # numEntries: 10
>
> So again, the line worked.
>
> Then, I tried:
>
> limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1
>
> stopped slapd, restarted, and again, I hit the correct limit:
>
> # search result
> search: 5
> result: 4 Size limit exceeded
>
> # numResponses: 2
> # numEntries: 1
>
>
>
> Then, I tried:
>
> limits users time.soft=unlimited time.hard=unlimited size=1
>
> restarted slapd, and again I hit the correct limit:
>
> # search result
> search: 5
> result: 4 Size limit exceeded
>
> # numResponses: 2
> # numEntries: 1
>
>
> So using OpenLDAP 2.3.24 (not from debian, however), it all works correctly
> for me.
Do debian patch before packaging ?
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20060720/a82a7216/attachment.pgp
More information about the Pkg-openldap-devel
mailing list