summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2011-09-27 14:59:21 -0400
committerSimo Sorce <ssorce@redhat.com>2011-10-12 16:46:36 -0400
commitda3539c40ccbba23ce8d3aafa1dae655e891deab (patch)
tree73ebdea7ba7aba8af0acaa7a419056fae29fc17d
parent8b7eb0424217a7d272c426d82dfe4ee30ac2c096 (diff)
downloadfreeipa-da3539c40ccbba23ce8d3aafa1dae655e891deab.tar.gz
freeipa-da3539c40ccbba23ce8d3aafa1dae655e891deab.tar.xz
freeipa-da3539c40ccbba23ce8d3aafa1dae655e891deab.zip
updates: Change default limits on ldap searches
Fixes: https://fedorahosted.org/freeipa/ticket/1867
Diffstat
-rw-r--r--install/updates/10-config.update20
1 files changed, 20 insertions, 0 deletions
diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index 133ec6766..fe7a4bd06 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -12,3 +12,23 @@ remove: nsslapd-pluginPrecedence: 60
# plugins (the default is 50).
dn: cn=IPA MODRDN,cn=plugins,cn=config
only: nsslapd-pluginPrecedence: 60
+
+# Set limits to suite better IPA deployment sizes, defaults are too
+# conservative
+dn: cn=config
+default: nsslapd-sizelimit:100000
+
+dn: cn=config,cn=ldbm database,cn=plugins,cn=config
+replace: nsslapd-lookthroughlimit:5000::100000
+replace: nsslapd-idlistscanlimit:4000::100000
+
+#Set much lower limits for anonymous searhes
+dn: cn=anonymous-limits,cn=etc,$SUFFIX
+default:objectclass:nsContainer
+default:objectclass:top
+default:cn: anonymous-limits
+default:nsSizeLimit: 5000
+default:nsLookThroughLimit: 5000
+
+dn: cn=config
+add:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX
generated by cgit (git 2.34.1) at 2024-04-19 17:23:00 +0000