[Freeipa-users] winsync agreement wipes IPA users

Dmitri Pal dpal at redhat.com
Fri Sep 21 15:18:23 UTC 2012 

On 09/21/2012 11:07 AM, Rich Megginson wrote:
> On 09/21/2012 09:04 AM, Dmitri Pal wrote:
>> On 09/21/2012 09:23 AM, Rich Megginson wrote:
>>> On 09/21/2012 05:21 AM, Martin Kosek wrote:
>>>> When using bare ldapsearch, you are hitting 389-ds limits - in your
>>>> case
>>>> nsslapd-sizelimit. This can be increased either globally or (this
>>>> seems as a
>>>> more secure solution) for a user you bind as:
>>>>
>>>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>>>>
>>>>
>>> Steven, are you saying that winsync only pulled over 2000 out of 5700
>>> users from AD into IPA? If so, then that's a limit on the winsync user
>>> that must be increased in AD.
>>>
>> Rich, it seems that it might make sense to file an RFE for the winsync
>> to support paging control.
>
> AD supports the paging control?  And this allows you to get around the
> search limit?
>

http://msdn.microsoft.com/en-us/library/windows/desktop/aa367011%28v=vs.85%29.aspx
The default usually 2K BTW.

>>
>>>> Martin
>>>>
>>>> On 09/21/2012 04:43 AM, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> It seems IPA has some sort of limit of searching it will only show
>>>>> the first 2k
>>>>> of user entries?
>>>>>
>>>>> regards
>>>>>
>>>>> Steven Jones
>>>>>
>>>>> Technical Specialist - Linux RHCE
>>>>>
>>>>> Victoria University, Wellington, NZ
>>>>>
>>>>> 0064 4 463 6272
>>>>>
>>>>> -------------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> *From:* Rich Megginson [rmeggins at redhat.com]
>>>>> *Sent:* Friday, 21 September 2012 11:38 a.m.
>>>>> *To:* Steven Jones
>>>>> *Cc:* freeipa-users at redhat.com
>>>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>>>
>>>>> On 09/20/2012 03:52 PM, Steven Jones wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I have imported users, but there are 5700 of them but I only have
>>>>>> 2000 which
>>>>>> corresponds to the view that AD gives you by default.  This makes
>>>>>> me think
>>>>>> that that limit is all the AD is allowing the query to see?
>>>>> You can use
>>>>> https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
>>>>> what winsync sees when it searches.
>>>>>> Is there a way to expand it?
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>> -------------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>> *From:* freeipa-users-bounces at redhat.com
>>>>>> [freeipa-users-bounces at redhat.com]
>>>>>> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
>>>>>> *Sent:* Friday, 21 September 2012 8:44 a.m.
>>>>>> *Cc:* freeipa-users at redhat.com
>>>>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>>>>
>>>>>> I have hundreds of disable users in IPA now transferred from AD, is
>>>>>> there a
>>>>>> quick/clean way to purge them from IPA?
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list