Tuesday, December 16, 2025

[389-users] memberOf plugin returns far fewer results than expected.

I have some groups with as many as 30K+ members. After enabling the
memberOf plugin, LDAP queries such as
"(memberof:=cn=large_group,ou=groups,dc=org,dc=com)" only return a
partial list of members. I've increased the following cn=config
attributes but am not seeing an increase in records returned:

nsslapd-sizelimit
nsslapd-lookthroughlimit
nsslapd-idlistscanlimit

I've been experimenting with various levels of logging to try to
understand what might be preventing all of the records being returned,
and have the following currently configured:

nsslapd-accesslog-level: 514
nsslapd-errorlog-level: 114688
nsslapd-plugin-logging: on
nsslapd-securitylog-level: 256
nsslapd-statlog-level: 0

I have yet to tweak any OS or application settings with regard to cache
or anything else that might be warranted considering the number of
LDAP entries I expect to serve, so I expect there's work to be done in
that regard. However, I've yet to find any debug log to point me in
the direction of figuring out why memberOf is only providing a partial
list of all matching entries.

Any advice on what log levels I might consider or what config
attributes I should focus on to see about addressing my issue?

Thank you,
Bob

My test platform:
% grep SUSE /etc/*release
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP6"
% rpm -q 389-ds
389-ds-2.2.10~git146.78a60e3ac-150600.8.23.1.x86_64