LinuxQuestions.org


mattseanbachman 02-20-2010 03:39 PM

LDAP: ldapsearch can't return more than 500 results; Also, can't find slapd.conf
 
Hello,

I've scoured the web for a solution to this to no avail, so I'm bringing my issue here.

If I do something to the effect of this:
ldapsearch -b "dc=example,dc=com" -x -z 3000

I'll get this back at the end of the result set:
# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500


The thing is that I have way more (thousands) than what's being displayed here. And I've tried to mess around with /etc/ldap.conf, changing the SIZELIMIT directive to something else, 10000, let's say, and restarting the server, but the same goddamn thing happens.

I've been messing around with this for quite some time now, hopefully someone will be able to shed some light on this so that I can learn my way out of this mess that is LDAP. Also in a related matter, I'm running Mint (based off of Ubuntu), and all the documentation that I've seen (probably read a good 100+ pages in a few days now on this) keeps telling me to make changes to my slapd.conf file. What slapd.conf file? It doesn't exist, I can't find it at least. find / -name slapd.conf turns up nothing.

acid_kewpie 02-20-2010 04:09 PM

This is a server side setting, and you've not said anything at all about what server this is, merely the client you're using. You can't make the client override a security setting on the server if the server doesn't want to. Added to that, slapd.conf is the config file for the openldap server, again suggesting you don't have any control of the server..?

bathory 02-20-2010 04:25 PM

I guess the openldap server uses the new config style (cn=config) and not /etc/ldap/slapd.conf.
If that's the case you should use an ldif file to change the default sizelimit (500) to what you want (3000):
Code:

dn: cn=config
objectClass: olcGlobal
cn: config
olcSizeLimit: 3000

Read this for more info

mattseanbachman 02-20-2010 04:28 PM

Well I thought the number of results displayed could be both a server side problem and a client side problem. ldapsearch has a -z switch that lets you specify the number of results displayed. The SIZELIMIT statement in ldap.conf would be the server side. Unless I'm mistaken on those points.

I think that since I'm using the -z 3000 switch on ldapsearch, it'd let me display 3000 entries unless the SIZELIMIT was limiting it, but no, I've changed that as well, to no avail.

And I'm using openldap, so slapd would be the ldap daemon.

acid_kewpie 02-20-2010 04:34 PM

No, you aren't going to mix server and client configs in one place. As bathory said, apply that ldif to the server and check again.

mattseanbachman 02-20-2010 05:13 PM

Okay so I did as requested, and here's the output from the ldapsearch -b "cn=config,dc=example,dc=com" -x :

# extended LDIF
#
# LDAPv3
# base <cn=config,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# config, example.com
dn: cn=config,dc=example,dc=com
objectClass: olcGlobal
cn: config
olcSizeLimit: 10000

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1




Alright, so I did that with ldapadd -x -D "cn=admin,cn=config" -f changesize.ldif -x -w mypassword . However, the same problem is cropping up once again, in that when I try to do ldapsearch -b "cn=config,dc=example,dc=com" -x, it keeps saying that the size limit is exceeded.

My knowledge of ldap and openldap is rudimentary, so it is possible that I've screwed up somewhere, and I'd be willing to check out any decent tutorials that involve working with cn=config (i.e. that explain them well). I've dealt with a variety of tutorials that don't even touch on them.

bathory 02-20-2010 06:31 PM

Quote:

dn: cn=config,dc=example,dc=com

This dn is wrong. It should be just dn: cn=config. Anyway, I've tested on my slapd and it looks like you cannot change configuration parameters, like SizeLimit, with an ldif file if they do not already exist. So I've found out that you can edit the file: slapd.d/cn\=config.ldif and add:
Code:

SizeLimit: 10000
Of course you have to restart slapd. After that you can use ldif to modify it on the fly:
Code:

dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: 20000

To verify the changes run:
Code:

ldapsearch -w mypassword -D "cn=admin,cn=config" -b cn=config '(objectClass=olcGlobal)' |grep -i SizeLimit
Regards

mattseanbachman 03-01-2010 09:38 PM

Thank you for the help thus far, but the problem still exists.

Here's the output from the grep you mentioned:
Code:

ldapsearch -W -D "cn=admin,cn=config" -b cn=config '(objectClass=olcGlobal)' |grep -i SizeLimit
Enter LDAP Password:
olcSizeLimit: 20000


And here's the tail end of the search I did:

Code:

description: about the device

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500

That output was generated with

Code:

ldapsearch -x -b "dc=example,dc=com" -z 1000
Which has a good 1000 entries in it at the present.

bathory 03-02-2010 04:37 AM

Dunno what the problem is.
The fact is that it works fine here either limiting the results number or not:
Quote:

ldapsearch -W -D "cn=admin,cn=config" -b cn=config '(objectClass=olcGlobal)' | grep SizeLimit
olcSizeLimit: 20000

ldapsearch -x -b 'dc=domain,dc=com' -z 1000

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 1001
# numEntries: 1000


ldapsearch -x -b 'dc=domain,dc=com'

# search result
search: 2
result: 0 Success

# numResponses: 3577
# numEntries: 3576

steel169 04-05-2013 01:41 AM

Fix to problem with size
 
Just trying to close the knowledge gap on this, since this came up first on my google search.

Resolution I used was this:
-E pr=1000/noprompt
As per this page:
NOTAURL://jurjenbokma.com/ApprenticesNotes/ldapsearch_ad_query.html
Which states:

I get a size limit exceeded message from ldapsearch.

That's a client side problem, not server side. The client should simply accept multiple pages of output, and ldapclient takes the -E option to make it do just that, as shown in the examples.

It would seem the size limit exceeded is the size of the result returned per page; the -E pr=1000/noprompt breaks the return into pages of 1000, and with no prompt continues operation.
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)

Hope that helps someone down the road.
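
An added example, not part of any post in this thread: throughout the thread the only sign that a search was cut short is the trailer (`result: 4 Size limit exceeded`, `# numEntries: 500`), which is easy to lose once the output is piped into grep or saved to a file. The function name `check_ldap_trailer` and the two sample outputs are assumptions, constructed from the trailers quoted above.

```shell
#!/bin/sh
# Added example: classify an ldapsearch run by its LDIF trailer.

# Reads ldapsearch output on stdin; prints "<result-code> <numEntries> <verdict>".
# Returns 0 if complete, 1 if truncated or failed, 2 if no trailer was seen.
check_ldap_trailer() {
    awk '
        /^result: [0-9]+/       { code = $2 }
        /^# numEntries: [0-9]+/ { entries = $3 }
        END {
            if (code == "") { print "- - no-trailer"; exit 2 }
            if (entries == "") entries = 0       # no numEntries line seen
            if (code == 0)      verdict = "complete"
            else if (code == 4) verdict = "truncated"   # Size limit exceeded
            else                verdict = "error"
            print code, entries, verdict
            exit (code == 0 ? 0 : 1)
        }'
}

# Constructed sample: the truncated trailer shown in the thread.
sample_truncated() {
cat <<'EOF'
description: about the device

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500
EOF
}

# Constructed sample: the complete trailer shown in the thread.
sample_complete() {
cat <<'EOF'
# search result
search: 2
result: 0 Success

# numResponses: 3577
# numEntries: 3576
EOF
}

sample_truncated | check_ldap_trailer || true
sample_complete  | check_ldap_trailer || true
```

For a real run, pipe the search through it, for example the thread's `ldapsearch -x -b "dc=example,dc=com"` followed by `| check_ldap_trailer`, and treat a non-zero return as an incomplete result set.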


All times are GMT -5.