Red Hat Directory Server 11 - ldapsearch error: result: 11 Administrative limit exceeded
Environment
Red Hat Directory Server (All Versions)
Issue
We have a Red Hat Directory Server that hits a restriction when an authenticated user performs a search. The search fails with the error result: 11 Administrative limit exceeded:
$ ldapsearch -x -H 'ldaps://ldapserver.example.com:636' -W -D "uid=ldapuser,ou=IT,ou=users,o=RH" -b "ou=People,ou=users,o=RH" "uid=*"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=People,ou=users,o=RH> with scope subtree
# filter: uid=*
# requesting: ALL
#
# search result
search: 2
result: 11 Administrative limit exceeded
Resolution
- Please create a file /tmp/limits.ldif on the RHDS server ldapserver.example.com with this content:
dn: uid=ldapuser,ou=IT,ou=users,o=RH
changetype: modify
replace: nsSizeLimit
nsSizeLimit: -1
-
replace: nsLookthroughLimit
nsLookthroughLimit: -1
-
add: nsPagedLookThroughLimit
nsPagedLookThroughLimit: -1
-
add: nsPagedSizeLimit
nsPagedSizeLimit: -1
-
add: nsIDListScanLimit
nsIDListScanLimit: 2147483646
-
add: nsTimeLimit
nsTimeLimit: -1
-
add: nsidletimeout
nsidletimeout: -1
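- Then please run these commands on the RHDS server ldapserver.example.com:
# ldapmodify -h 127.0.0.1 -D "cn=Directory Manager" -W -x -f /tmp/limits.ldif
# ldapsearch -h 127.0.0.1 -D "cn=Directory Manager" -W -x -b "uid=ldapuser,ou=IT,ou=users,o=RH" -s base "(objectClass=*)" nsSizeLimit nsLookThroughLimit nsPagedSizeLimit nsPagedLookThroughLimit nsIDListScanLimit nsTimeLimit nsIdleTimeout
==> Please enter the Directory Manager password when prompted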
- Test if it works by running this command:
# ldapsearch -x -H 'ldaps://ldapserver.example.com:636' -W -D "uid=ldapuser,ou=IT,ou=users,o=RH" -b "ou=People,ou=users,o=RH" "uid=*"
- If step 3 returns the same error, please run the same command with the debug option -d1 as follows:
# ldapsearch -x -H 'ldaps://ldapserver.example.com:636' -W -D "uid=ldapuser,ou=IT,ou=users,o=RH" -b "ou=People,ou=users,o=RH" "uid=*" -d1
Root Cause
The number of matching entries is 5187, but the value of nsSizeLimit was only 5000:
# ldapsearch -x -H 'ldaps://ldapserver.example.com:636' -W -D "uid=ldapuser,ou=IT,ou=users,o=RH" -b "ou=People,ou=users,o=RH" "uid=*"
.
.
.
# search result
search: 2
result: 0 Success
# numResponses: 5188
# numEntries: 5187
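The LDIF in the Resolution sets most per-user limits to -1 (no limit) on the bind entry, so it helps to keep track of which entries carry such overrides. The following is an added example, not part of the original article: it reads LDIF on stdin (for instance ldapsearch output that requests these attributes) and lists every DN with a limit attribute set to -1. The function names and the second sample entry (uid=report) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries whose per-user limit overrides are -1 (no limit).

audit_unlimited() {
    awk '
    function handle(l,    p, a, v) {
        if (l ~ /^#/) return                      # LDIF comment
        if (l == "") { dn = ""; return }          # blank line ends an entry
        p = index(l, ":"); if (p == 0) return
        a = tolower(substr(l, 1, p - 1))          # attribute names are case-insensitive
        v = substr(l, p + 1); sub(/^[ \t]+/, "", v)
        if (a == "dn") { dn = v; return }
        if ((a in limit) && v == "-1") print dn "\t" a
    }
    BEGIN {
        n = split("nssizelimit nslookthroughlimit nspagedsizelimit nspagedlookthroughlimit nstimelimit nsidletimeout", names, " ")
        for (i = 1; i <= n; i++) limit[names[i]] = 1
    }
    # LDIF folds long lines: a leading space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { if (have) handle(buf); buf = $0; have = 1 }
    END { if (have) handle(buf) }
    '
}

# Constructed sample input (not real server output); the second DN is folded.
sample_ldif() {
cat <<'EOF'
dn: uid=ldapuser,ou=IT,ou=users,o=RH
nsSizeLimit: -1
nsTimeLimit: -1

dn: uid=report,ou=IT,
 ou=users,o=RH
nsSizeLimit: 6000
nsLookThroughLimit: -1
EOF
}

# Prints one "DN<TAB>attribute" line per unlimited override.
sample_ldif | audit_unlimited
```

Each output line is a DN and the lowercased attribute name separated by a tab, so the result can be diffed between runs to spot newly added unlimited overrides.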