Bug 864594
Summary: | anonymous limits are being applied to directory manager | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Noriko Hosoi <nhosoi> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 6.4 | CC: | jgalipea, mkubik, mreynolds, nkinder |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
Setting anonymous resource limits
Consequence:
The anonymous limits are incorrectly applied to the root DN
Fix:
Ensure the anonymous resource limits are removed for root DN binds.
Result:
Root DN does not hit the resource limits when doing searches.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 08:21:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Noriko Hosoi
2012-10-09 17:28:22 UTC
From the trac ticket: -------------------------------------------------- Here are the exact steps to reproduce the issue: [1] Add the resource limit entry: dn: cn=anonymous limits,dc=example,dc=com cn: anonymous limits objectClass: top objectClass: nscontainer nsLookThroughLimit: 5000 [2] Then add this to cn=config: nsslapd-anonlimitsdn: cn=anonymous limits,dc=example,dc=com [3] Add 5001 entries [4] do a ldapsearch for objectclass=*: ldapsearch -D "cn=directory manager" -w password -xLLL -b "dc=example,dc=com" objectclass=* dn Administrative limit exceeded (11) -------------------------------------------------- $ /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w Secret123 -s sub -b "ou=people,dc=anonymousresourcelimit,dc=example,dc=com" uid="anonymous manager" nsLookThroughLimit version: 1 dn: uid=anonymous manager,ou=people,dc=anonymousresourcelimit,dc=example,dc=com nsLookThroughLimit: 10 $ /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w Secret123 -s sub -b "ou=people,dc=anonymousresourcelimit,dc=example,dc=com" uid=* dn | grep "dn: " | wc -l 10000 $ echo $? 0 $ rpm -qa | grep 389-ds-base 389-ds-base-1.2.11.15-3.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html Covered in anonymousResourceLimit suite |