Bug 798361
Summary: | Missing anonymous limits in IPA | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | jgalipea, mkosek |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.2.0-4.el6 | Doc Type: | Bug Fix |
Doc Text: |
No documentation needed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 13:20:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rob Crittenden
2012-02-28 18:04:30 UTC
We increase the server global limits to: dn: cn=config,cn=ldbm database,cn=plugins,cn=config nsslapd-lookthroughlimit:100000 nsslapd-idlistscanlimit:100000 The attempt to limit anonymous searches was incorrect but it should look like: dn: cn=anonymous-limits,cn=etc,$SUFFIX objectclass:nsContainer objectclass:top cn: anonymous-limits nsSizeLimit: 5000 And in cn=config a pointer to this limit: nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/f5e5bf8f82ba2051ace5fc5f29d7bf25631e0a2c ipa-2-2: https://fedorahosted.org/freeipa/changeset/54ab3e1245e2cc0ba4acbde4d9484fd723fab028 verified : # ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep nsslapd-lookthroughlimit nsslapd-lookthroughlimit: 100000 # ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=config" | grep nsslapd-idlistscanlimit nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-idlistscanlimit nsslapd-idlistscanlimit: 100000 version : ipa-server-2.2.0-4.el6.x86_64 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |