sizelimit

Maily Peng Mon, 25 Jul 2016 10:33:44 -0700

Hi all,

I can not apply a limits directive to my slapd.conf. I need a user(cn=replicator,ou=AppUsers,dc=company,dc=net) to have read access to allentries of a database.The global sizelimits ( 1000) seems to override any other databasedirective. Each ldapsearch returns a " 4 Size limit exceeded".


openldap version : 2.4.42
here is a sample of my slapd.conf

...
# Define global ACLs to disable default read access.

sizelimit 1000
timelimit 5

tool-threads    8

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

#######################################################################
# database definitions
#######################################################################

#########################################
# Directories DATABASE
#########################################
database        mdb
suffix          "ou=Directories,dc=company,dc=net"
subordinate
checkpoint      1024    5
dbnosync
maxsize         10737418240
envflags        writemap
rootdn          "cn=admin,dc=company,dc=net"

# Mode 700 recommended.
directory       /var/lib/openldap/ldap

# acl

authz-regexp uid=([^,]*),cn=digest-md5,cn=authldap:///ou=company,dc=company,dc=net??sub?(&(objectclass=psnDirectoryContact)(cli=sipdefault:$1))


access to *
        by dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net" write
        by * break

...........

access to dn.sub="ou=AppUsers,dc=company,dc=net" attrs=userpassword
        by anonymous auth
        by * none

# Indices to maintain
index   cn,dc,sn,uid,mail,telephoneNumber pres,eq,sub
index   arecord,description eq

indexobjectClass,macAddress,custID,locationID,zoneGroupPrefix,entryUUID,entryCSNpres,eq


# Sync Repl
overlay syncprov
# all standard entries in the accesslog that were successful
syncrepl  rid=0
          provider=ldap://
          bindmethod=simple
          binddn="cn=user,ou=login,cn=system"
          credentials=secret
          searchbase="ou=Directories,dc=company,dc=net"
          logbase="cn=accesslog_directories"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
          schemachecking=on
          type=refreshAndPersist
          retry="60 +"
          syncdata=accesslog

#limits

limits dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net"size=unlimited time=unlimited


....

thanks in advance.

sizelimit

Reply via email to