Bug 1223510 - nsslapd-maxbersize should be ignored in replication
Summary: nsslapd-maxbersize should be ignored in replication
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
Depends On:
Blocks: 1346315
TreeView+ depends on / blocked
Reported: 2015-05-20 17:13 UTC by German Parente
Modified: 2019-06-13 08:31 UTC (History)
4 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1346315 (view as bug list)
Last Closed: 2016-11-03 20:35:09 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2594 normal SHIPPED_LIVE Moderate: 389-ds-base security, bug fix, and enhancement update 2016-11-03 12:11:08 UTC

Description German Parente 2015-05-20 17:13:51 UTC
Description of problem:

In certain IPA envs, we can see ipa-replica-install failing because of on line init failing due to entries bigger than 2Mb.

Version-Release number of selected component (if applicable): 

observed in 389-ds-base-

But in master and 1.3 versions, default is still to 2Mb:

 git branch
* master

grep DEFAULT_MAXBERSIZE ./ldap/servers/slapd/libglobs.c 
#define DEFAULT_MAXBERSIZE 2097152

The biggest issue with this bug is that we cannot set the maxbersize to continue since the ipa-replica-install is creating instance from scratch + re-init.


Edit file /usr/share/dirsrv/data/template-dse.ldif before replica install
and a line

nsslapd-maxbersize: <new size>

under cn-config. Like:

dn: cn=config
nsslapd-maxbersize: <new size>
cn: config

Comment 4 Rich Megginson 2015-05-20 17:31:40 UTC
I'm not sure how IPA does the setup of 389, but 389 setup-ds.pl INF files provide a ConfigFile directive that can do this without having to edit template-dse.ldif


I think we should change the default in 389.  If the default is not 2MB, what should it be?

Comment 5 German Parente 2015-05-20 18:54:13 UTC
Thanks for the pointer. Perhaps this bug should be logged to ipa component and ask the ipa-replica-install command to use a right inf file ?

It's difficult to figure out a good default value. I am just showing that 2Mb is not enough for one customer.

Comment 6 Noriko Hosoi 2015-10-21 23:19:24 UTC
Comment by Ludwig:
> Re-assign to IPA or evaluate if limit can be raised or ignored under specidfic conditions, eg in replication.

It looks we are setting the maxbersize in these 2 places which does not allow us to choose "specific conditions"...
$ egrep LBER_SB_OPT_SET_MAX_INCOMING, *[ch] */*.[ch] ../plugins/*/*.[ch]
connection_table_new in conntable.c: ber_sockbuf_ctrl( ct->c[i].c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize );
handle_new_connection in daemon.c:   ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize );

May I change the component to IPA?

Comment 7 Noriko Hosoi 2015-10-27 22:21:20 UTC
Upstream ticket:

Comment 9 Mike McCune 2016-03-28 23:12:48 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 11 Simon Pichugin 2016-06-09 07:12:33 UTC
Test suite for this bugzilla was added to https://git.fedorahosted.org/git/389/ds.git repo:


Comment 12 Simon Pichugin 2016-06-09 07:20:17 UTC
Build tested:

:: [  BEGIN   ] :: Running py.test :: actually running 'py.test -v  suites/config'
============================= test session starts =============================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
cachedir: suites/config/.cache
rootdir: /export/tests/suites/config, inifile:
plugins: cov-2.2.1
collected 3 items

suites/config/config_test.py::test_maxbersize_repl PASSED
suites/config/config_test.py::test_config_listen_backport_size PASSED
suites/config/config_test.py::test_config_deadlock_policy PASSED

========================== 3 passed in 56.97 seconds ==========================
:: [   PASS   ] :: Running py.test (Expected 0, got 0)

Marking as verified.

Comment 14 errata-xmlrpc 2016-11-03 20:35:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.