getent truncating output
This little chestnut just caught me out. I’m trying to test some theories about maximum numbers of users and groups on Linux using an LDAP backend for authentication. I’ve run a little script which happily created me 65536 groups and 65536 users, but when I use ‘getent group’ or ‘getent passwd’ it only seems to return 500 LDAP entries.
It turns out the problem lies not with getent but with slapd, which limits the number of entries returned for any given query; the default is 500 (man 5 slapd.conf). The solution is to add ‘sizelimit -1’ to slapd.conf and restart slapd, after which getent should return the correct answer.
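
A scoped alternative to the global setting, as an added example that is not from the original post: the limits directive from slapd.conf(5) lifts the cap only for the identity the NSS client binds as, so every other client stays bounded at the default. The suffix and bind DN below are assumed placeholders, and the example assumes the NSS client binds with a dedicated DN rather than anonymously.

```conf
# slapd.conf fragment (added example; suffix and DN are constructed placeholders)

# Option A, the fix from the post: no size limit for any client.
# Any bound or anonymous client can then pull the whole tree in one search.
#sizelimit -1

# Option B: keep the global default and raise it for one identity only.
sizelimit 500

# "limits" is a per-database directive, so it goes in the database section
# that holds the users and groups (the section with this suffix).
suffix "dc=example,dc=com"

# Assumed service account used by the NSS client on each machine.
limits dn.exact="cn=nss,dc=example,dc=com" size=unlimited

# All other identities, including anonymous binds, fall through to the
# global sizelimit above and still receive at most 500 entries per search.
```

With option B, ‘getent passwd | wc -l’ run on a client that binds as the assumed DN should report the full user count, while a search from any other identity is still cut off at 500 entries.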

Hi,
I have also set up an LDAP server for authentication; it also uses SSH keys. I was wondering how you approached the issue of creating new users directly on LDAP and not creating the account on the local machine, and at the same time blocking those users from being able to log on to the actual LDAP server itself, as they would have access to the directory?
When I was running LDAP for user administration and mail routing I rolled my own PHP scripts, as the situation I was in required a slightly different schema than all the standard PHP scripts out there dealt with at the time.
There are a few good web based admin tools out there now I believe for LDAP user management.
Kashif, we have an entire home-grown user provisioning system for user creation on the cluster; it’s all a little specialised for use outside of our rig (chrooted KDE desktops etc.), otherwise I would post it here. But as Toby points out, it is typical to roll your own. phpldapadmin is very useful, I find. SuSE’s YaST seems to be able to create users and groups directly in LDAP, but if you are using that you are using SuSE, which means you have far bigger problems.
I was thinking of trying out Fedora Directory Server as this would address my needs, I think, and it has a very cool management interface.