Bug 1527020
Summary: | nsslapd-sasl-max-buffer-size is hardcoded to '2097152' during install even if another value was provided in an LDIF ( --dirsrv-config-file ) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | François Cami <fcami> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | amarecek, cheimes, ipa-maint, ndehadra, pasik, pvoborni, rcritten, sumenon, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.6.4-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:57:12 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1477664 |
Description
François Cami
2017-12-18 11:17:34 UTC
The value of nsslapd-sasl-max-buffer-size is overwritten at the end of the installation, because of the step upgrading the server. The upgrade is loading the content from the file 10-config.update which contains the following: # Default SASL buffer size was too small and could lead for example to # migration errors # Can be removed when https://fedorahosted.org/389/ticket/47457 is fixed dn: cn=config only:nsslapd-sasl-max-buffer-size:2097152 Note that ticket 47457 has been fixed in 389-ds-base-1.3.2 and 389-ds-base-1.2.11, and the default value for nsslapd-sasl-max-buffer-size is already 2097152 in 389-ds. This means that we can safely remove nsslapd-sasl-max-buffer-size from 10-config.update. In this case, any value supplied with ipa-server-install --dirsrv-config-file will be taken into account. Upstream ticket: https://pagure.io/freeipa/issue/7341 ipa-4-6: 2212fb5 10-config.update: remove nsslapd-sasl-max-buffer-size override as https://pagure.io/389-ds-base/issue/47457 was fixed directly in 389 Directory Server. ipa-4-5: 8a0e790 10-config.update: remove nsslapd-sasl-max-buffer-size override as https://pagure.io/389-ds-base/issue/47457 was fixed directly in 389 Directory Server. nsslapd-sasl-max-buffer-size was set to 50000000 when specified ldif was provided input to the ipa-server-install command. Verified on Red Hat Enterprise Linux Server release 7.6 Beta (Maipo) using [root@master ~]# rpm -q ipa-server sssd samba krb5-server pki-server selinux-policy 389-ds-base ipa-server-4.6.4-6.el7.x86_64 sssd-1.16.2-12.el7.x86_64 samba-4.8.3-4.el7.x86_64 krb5-server-1.15.1-34.el7.x86_64 pki-server-10.5.9-6.el7.noarch selinux-policy-3.13.1-219.el7.noarch 389-ds-base-1.3.8.4-11.el7.x86_64 [root@master ~]# ipa-server-install --dirsrv-config-file params.ldif ....... ....... Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring apollo.test as NIS domain. Client configuration complete. The ipa-client-install command was successful /var/log/ipaserver-install.log 2018-08-24T10:51:43Z DEBUG nsslapd-sasl-max-buffer-size: 2018-08-24T10:51:43Z DEBUG 50000000 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3187 |