LDAP: ldapsearch can't return more than 500 results; Also, can't find slapd.conf
Hello,
I've scoured the web for a solution to this to no avail, so I'm bringing my issue here.
If I do something to the effect of this:
ldapsearch -b "dc=example,dc=com" -x -z 3000
I'll get this back at the end of the result set:
# search result
search: 2
result: 4 Size limit exceeded
# numResponses: 501
# numEntries: 500
The thing is that I have way more (thousands) than what's being displayed here. And I've tried to mess around with /etc/ldap.conf, changing the SIZELIMIT directive to something else, 10000, let's say, and restarting the server, but the same goddamn thing happens.
I've been messing around with this for quite some time now, hopefully someone will be able to shed some light on this so that I can learn my way out of this mess that is LDAP. Also in a related matter, I'm running Mint (based off of Ubuntu), and all the documentation that I've seen (probably read a good 100+ pages in a few days now on this) keeps telling me to make changes to my slapd.conf file. What slapd.conf file? It doesn't exist, I can't find it at least. find / -name slapd.conf turns up nothing.
This is a server side setting, and you've not said anything at all about what server this is, merely the client you're using. You can't make the client override a security setting on the server if the server doesn't want to. Added to that, slapd.conf is the config file for the openldap server, again suggesting you don't have any control of the server..?
I guess the openldap server uses the new config style (cn=config) and not /etc/ldap/slapd.conf.
If that's the case you should use an ldif file to change the default sizelimit (500) to what you want (3000):
Well I thought the number of results displayed could be both a server side problem and a client side problem. ldapsearch has a -z switch that lets you specify the number of results displayed. The SIZELIMIT statement in ldap.conf would be the server side. Unless I'm mistaken on those points.
I think that since I'm using the -z 3000 switch on ldapsearch, it'd let me display 3000 entries unless the SIZELIMIT was limiting it, but no, I've changed that as well, to no avail.
And I'm using openldap, so slapd would be the ldap daemon.
Alright, so I did that with ldapadd -x -D "cn=admin,cn=config" -f changesize.ldif -x -w mypassword . However, the same problem is cropping up once again, in that when I try to do ldapsearch -b "cn=config,dc=example,dc=com" -x, it keeps saying that the size limit is exceeded.
My knowledge of ldap and openldap is rudimentary, so it is possible that I've screwed up somewhere, and I'd be willing to check out any decent tutorials that involve working with cn=config (i.e. that explain them well). I've dealt with a variety of tutorials that don't even touch on them.
This dn is wrong. It should be just dn: cn=config. Anyway I've tested on my slapd and it looks like you cannot change configuration parameters, like SizeLimit, with an ldif file if they do not already exist. So I've found out that you can edit the file: slapd.d/cn\=config.ldif and add:
Code:
SizeLimit: 10000
Of course you have to restart slapd. After that you can use ldif to modify it on the fly:
Just trying to close the knowledge gap on this, since this came up first on my google search.
Resolution I used was this:
-E pr=1000/noprompt
As per this page:
NOTAURL://jurjenbokma.com/ApprenticesNotes/ldapsearch_ad_query.html
Which states:
I get a size limit exceeded message from ldapsearch.
That's a client side problem, not server side. The client should simply accept multiple pages of output, and ldapclient takes the -E option to make it do just that, as shown in the examples.
It would seem the size limit exceeded is the size of the result returned per page; the -E pr=1000/noprompt breaks the return into pages of 1000, and with no prompt continues operation.
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
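
Added example (not part of any post in this thread): the cn=config size-limit change discussed above, written as shell functions that emit the LDIF for ldapmodify. The database entry olcDatabase={1}mdb,cn=config and the bind DN cn=reporting,dc=example,dc=com are assumed names; the second function raises the limit for one authenticated identity instead of for every client.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the database entry
# olcDatabase={1}mdb,cn=config and the bind DN cn=reporting,dc=example,dc=com.

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Global limit for every client, anonymous binds included.
# "replace" also creates olcSizeLimit when the entry does not carry it yet.
global_sizelimit_ldif() {
    is_number "$1" || { echo "size limit must be an integer" >&2; return 1; }
    printf '%s\n' 'dn: cn=config' 'changetype: modify' \
        'replace: olcSizeLimit' "olcSizeLimit: $1"
}

# Narrower alternative: leave the default of 500 in place and raise the
# limit only for one authenticated identity on one database.
identity_limit_ldif() {   # args: database-entry-DN  bind-DN  limit
    is_number "$3" || { echo "size limit must be an integer" >&2; return 1; }
    case $2 in *\"*) echo "bind DN must not contain a double quote" >&2; return 1 ;; esac
    printf '%s\n' "dn: $1" 'changetype: modify' 'add: olcLimits' \
        "olcLimits: dn.exact=\"$2\" size.soft=$3 size.hard=$3"
}

# Typical use on the server, as root (assumes the Debian/Ubuntu packaging,
# where root on the ldapi:/// socket may manage cn=config):
#   global_sizelimit_ldif 3000 > sizelimit.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f sizelimit.ldif
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base olcSizeLimit
```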