Red Hat Bugzilla – Bug 1223510
nsslapd-maxbersize should be ignored in replication
Last modified: 2016-11-03 16:35:09 EDT
Description of problem: In certain IPA envs, we can see ipa-replica-install failing because of on line init failing due to entries bigger than 2Mb. Version-Release number of selected component (if applicable): observed in 389-ds-base-1.2.11.15-50 But in master and 1.3 versions, default is still to 2Mb: git branch 389-ds-base-1.2.11 * master grep DEFAULT_MAXBERSIZE ./ldap/servers/slapd/libglobs.c #define DEFAULT_MAXBERSIZE 2097152 The biggest issue with this bug is that we cannot set the maxbersize to continue since the ipa-replica-install is creating instance from scratch + re-init. Workaround: Edit file /usr/share/dirsrv/data/template-dse.ldif before replica install and a line nsslapd-maxbersize: <new size> under cn-config. Like: dn: cn=config nsslapd-maxbersize: <new size> cn: config
I'm not sure how IPA does the setup of 389, but 389 setup-ds.pl INF files provide a ConfigFile directive that can do this without having to edit template-dse.ldif https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Installation_Guide/Advanced_Configuration-Silent.html#Using-ConfigFile-for-DS-Config I think we should change the default in 389. If the default is not 2MB, what should it be?
Thanks for the pointer. Perhaps this bug should be logged to ipa component and ask the ipa-replica-install command to use a right inf file ? It's difficult to figure out a good default value. I am just showing that 2Mb is not enough for one customer.
Comment by Ludwig: > Re-assign to IPA or evaluate if limit can be raised or ignored under specidfic conditions, eg in replication. It looks we are setting the maxbersize in these 2 places which does not allow us to choose "specific conditions"... $ egrep LBER_SB_OPT_SET_MAX_INCOMING, *[ch] */*.[ch] ../plugins/*/*.[ch] connection_table_new in conntable.c: ber_sockbuf_ctrl( ct->c[i].c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize ); handle_new_connection in daemon.c: ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize ); May I change the component to IPA?
Upstream ticket: https://fedorahosted.org/389/ticket/48326
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Test suite for this bugzilla was added to https://git.fedorahosted.org/git/389/ds.git repo: dirsrvtests/tests/suites/config/config_test.py::test_maxbersize_repl
Build tested: 389-ds-base-1.3.5.4-1.el7 :: [ BEGIN ] :: Running py.test :: actually running 'py.test -v suites/config' ============================= test session starts ============================= platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python cachedir: suites/config/.cache rootdir: /export/tests/suites/config, inifile: plugins: cov-2.2.1 collected 3 items suites/config/config_test.py::test_maxbersize_repl PASSED suites/config/config_test.py::test_config_listen_backport_size PASSED suites/config/config_test.py::test_config_deadlock_policy PASSED ========================== 3 passed in 56.97 seconds ========================== :: [ PASS ] :: Running py.test (Expected 0, got 0) Marking as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2594.html