Bug 782921

Summary: [RFE] Add central configuration for size and look through limits
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: jgalipea, mkosek
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.2.0-1.el6 Doc Type: Enhancement
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:29:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2012-01-18 21:01:29 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/1888

Using class of service it is possible to create a share configuration in the replicated tree to overlay each user with default nsSizeLimit and nsLookThrougLimit attributes.

This has the same effect of changing the database level local configuration in cn=config for all authenticated users, except it is shared by all servers and available in the replicated tree and easy to access by admins and the WebUI (if desired).

the idlistscanlimit cannot yet be changed this way though.
Comment 1 Rob Crittenden 2012-01-19 16:25:56 UTC 
Update limits
master: 9724251292e4c0797367fcc351a9f16f30c6aefe
ipa-2-1: 36c63ee8eb8ab4d12feb0402e2fa58ada8a211ef

Temporary fix
master: 9a4fd254ff69bc34c6d14b2255d49c3297380231
ipa-2-1: 411c303ae8a8eaa4076b36f641c363de98a97fcc
Comment 5 Martin Kosek 2012-04-20 11:01:53 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 6 Jenny Severance 2012-04-27 18:41:20 UTC 
verified ::

# ldapsearch -x -D "cn=Directory Manager" -w mypassword -b "cn=anonymous-limits,cn=etc,dc=testrelm,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=anonymous-limits,cn=etc,dc=testrelm,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# anonymous-limits, etc, testrelm.com
dn: cn=anonymous-limits,cn=etc,dc=testrelm,dc=com
objectClass: nsContainer
objectClass: top
cn: anonymous-limits

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


# ldapsearch -x -D "cn=Directory Manager" -w mypassword -b "cn=config,cn=ldbm database,cn=plugins,cn=config" | grep nsslapd-idlistscanlimit
nsslapd-idlistscanlimit: 100000

version ::
ipa-server-2.2.0-11.el6.x86_64
Comment 7 Jenny Severance 2012-04-27 18:50:59 UTC 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz782921 Add central configuration for size and look through limits
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Check for centralized look through limits configuration
:: [   PASS   ] :: nsslapd-idlistscanlimit as expected '100000'
:: [   LOG    ] :: Duration: 0s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz782921 Add central configuration for size and look through limits
Comment 9 errata-xmlrpc 2012-06-20 13:29:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html