On Wed, Dec 24, 2025 at 10:39 AM Mark Reynolds <mareynol@redhat.com> wrote:
>
> Hey Bob,
>
> What you want is probably pointer COS:
>
> https://docs.redhat.com/en/documentation/red_hat_directory_server/11/html-single/administration_guide/index#About_CoS-How_a_Pointer_CoS_Works
>
> The issue with this is it works for all entries under a subtree. There
> is no filtering. So you can apply it to all users under
> ou=people,dc=example,dc=com by creating the COS definition entry
> directly under that branch.
>
> Not sure if this will work for you, but it's all we got at the moment.
Thank you. I managed to get this to work once I realized that the
nsSizeLimit and nsLookThroughLimit cosAttribute entries had to include
operational in the cosPointerDefinition:
cosAttribute: nsSizeLimit operational
cosAttribute: nsLookThroughLimit operational
I am now running into "Time limit exceeded (3)" when running a query
that takes over 30 seconds. I was hoping adding nstimelimit: -1 to
the COS template would overcome this limitation, but I have yet to get
it to work. I've tried adjusting a variety of cn=config limit and
time(out) attributes but to no avail. Can anyone please point me to
whatever attribute needs adjusting? BTW, my queries are GSSAPI over
TLS which is arguably unnecessary since GSSAPI will encrypt the comms.
I mention this in case something like nssslsessiontimeout is
responsible for the timeout.
Thanks,
Bob
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment