ldap_search Administrative limit exceeded

ldap_search Administrative limit exceeded

While performing ldap search on ODSEE ldap server,if you are getting the error ldap_search: Administrative limit exceeded, then follow the below steps to fix this issue

The following attributes in the ldap server are used to restrict the searching in the ldap server.

1. look-through-limit

2. search-size-limit

3. search-time-limit

You can set this on the server side or for individual users.

By executing the dsconf command to get/set these server properties.  To get more details about dsconf command execute

./dsconf –help in unix and ./dsconf.exe –help on windows.

 

Command

./dsconf get-server-prop -h localhost -p 389 -v -i -D “cn=Directory Manager” -w password-file

“password-file” file has “cn=Directory Manager” password.

This command will return all the directory server properties

In ODSEE

./dsconf get-server-prop -h localhost -p 2389 search-size-limit search-Time-Limit look-through-limit

The deafult values for the server is given below ,

ldap search Administrative limit exceeded ldap search Administrative limit exceeded

 

 

 

 

 

You can change the sever properties using the dsconf set-server-prop

./dsconf set-server-prop  -h localhost -p 389 search-size-limit:5001

./dsconf set-server-prop  -h localhost -p 389 search-Time-Limit:3601

./dsconf set-server-prop  -h localhost -p 389 Look-Through-Limit:3601

./dsconf  set-server-prop  -h localhost -p 389 search-size-limit: 5001

In Sun Directory Server

./dsconf get-server-prop -h localhost -p 389 -D “cn=Directory Manager” -w password-file nssizelimit nsTimeLimit nsLookThroughLimit

./dsconf set-server-prop  -h localhost -p 2389 nssizelimit:5001

./dsconf set-server-prop  -h localhost -p 2389 nsTimeLimit:3601

./dsconf set-server-prop  -h localhost -p 2389 nsLookThroughLimit:3601

 

Also you can change the values to individual users using the ldap modify commands.

After making the above changes if you are still not able to search using the user , make sure that the ACI’s are updated to allow the user to perform the search .

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>