I am trying to use 389 ds with large amounts of data as children of entries. I have tried doing a search on these entries using ldapsearch but I keep getting the following error:
result: 11 Administrative limit exceeded
When I went to browse these entries using the server console application it said to create a "Browsing Index". I did this, and I can now view these entries inside the Server Console application however I still can not execute the ldapsearch.
I tried to delete the parent entry of all of these children using the Server Console application but it gives me the same error as the search:
Administrative limit exceeded.
I have set the "nssizelimit" attribute to -1 in config. I have also set "nslookthroughlimit" to -1 in config but I am still getting the same errors.
How can I configure my 389 ds (CentOS ds) server to stop these errors?
From what I understood, you are not able to get all entries. Looks like your are hitting admin limit exceeded.
If you want to search from a non-cn=Directory manager user. you need to add some attributes to user like below.
OpenLDAP have two configuration modes:
add to slapd.conf (static mode):
add '/path-to/cn=config/olcDatabase={-1}frontend.ldif' (dynamic mode):
selective limits can be done by 'limits' option for slapd.conf.
If this not help, you should't tag question with 'openldap'.
This solution worked for me in case of non-admin user performing ldapsearch