From Fedora Directory Server
How to count large number of attribute entries using an anonymous bind
You can adjust 2 parameters in your slapd-<instance-name>/config/dse.ldif configuration file, the default values are:
nsslapd-lookthroughlimit: 5000 nsslapd-sizelimit: 2000
nsslapd-sizelimit can be overwritten with -z ldapsearch's option.
In general, lookthroughlimit is much stricter than sizelimit.
For example, let's say a user wants to do an unindexed search for (description=*something*), and there are 5000 users and 1000 users who have a description attribute that matches *something*. The server will have to search through every entry in sequential (indeterminate) order to find matches.
If you set lookthroughlimit to be 1000, and set sizelimit to be unlimited, the server will look at up to 1000 entries looking for description=*something*. Some of them may match, some of them may not, and the server will return 1000 or fewer entries (indeterminate). The server is limited in the amount of work it performs searching through the database.
If you set sizelimit to be 1000, and set lookthroughlimit to be unlimited, the server could look at all 5000 user entries, until it finds 1000 entries which match, at which point it will terminate the search and return the 1000 entries to the user.
Entry dn for nsslapd-lookthroughlimit, a database attribute:
cn=config,cn=ldbm database,cn=plugins,cn=config
Entry dn for nsslapd-sizelimit:
cn=config
Using the java console, you can set the entry size limit for your instance in the right frame, under "Performances | Size Limit" Product documentation:
Configuration, Command, and File Reference, page 81 https://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf
Admin guide, "Managing Indexes | Overview of the Searching Algorithm" https://www.redhat.com/docs/manuals/dir-server/ag/7.1/index1.html - nsslapd-sizelimit which specifies the maximum number of entries to return from a search operation. If this limit is reached, the directory returns any entries it has located that match the search request, as well as an exceeded size limit error. - nsslapd-lookthroughlimit which specifies the maximum number of entries that the directory will check when examining candidate entries in response to a search request.
