[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] winsync agreement wipes IPA users



On 09/25/2012 09:46 PM, Rob Crittenden wrote:
Steven Jones wrote:
Hi,

I dont have a ldapmodify command for changing something in AD.

I have increased the only scope I/we know about which is the return of objects from a search inside the AD gui but that might be specific to that view tool. That is 2000 by default, Ive set 40000, I am testing it now, if that doesn't work....

Our best AD person is currently researching to see if its even possible to alter that hard code in AD. The only way he can see is using a windows/ad specific command line command to modify the internals of AD but he's never seen or read about doing it for this attribute.

Rich knows more about this than me, so maybe he knows what value you're changing, but I don't. Where exactly in the AD gui are you changing the value to 40k?

There are limits you can set that apply only to the GUI, and there are limits you can set which apply to LDAP. It's possible you set some limits which only apply to the windows GUI.

http://support.microsoft.com/kb/315071

I don't see any setting which directly corresponds to sizelimit. The only ones that control the size of the result set are: MaxPageSize, which seems only to apply to paged result searches; MaxTempTableSize, which sounds something like our idlistscanlimit and could be applicable here; and MaxResultSetSize, which could also be applicable here.

Do you have more than 10000 entries in your active directory? Might AD be attempting to return more than 262,144 bytes?




regards

rob


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten redhat com]
Sent: Wednesday, 26 September 2012 1:31 p.m.
To: Rich Megginson
Cc: Steven Jones; freeipa-users redhat com
Subject: Re: [Freeipa-users] winsync agreement wipes IPA users

Rich Megginson wrote:
On 09/25/2012 03:34 PM, Steven Jones wrote:
Hi,

I have set the filter size as 20000 for the user and it makes no
difference.
Where did you set this?  In IPA?  In AD?  If so, where? How?
What does "filter size" mean?  To me, it means "the size of an LDAP
search filter in an LDAP search request" not "the maximum number of
entries returned by a search".

The more details you can provide on what you did the better. This might
include the exact ldapmodify command, where you entered it in AD, the
attribute names, whichever is applicable.

regards

rob





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]