Bug 782921 - [RFE] Add central configuration for size and look through limits
Summary: [RFE] Add central configuration for size and look through limits
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-18 21:01 UTC by Dmitri Pal
Modified: 2013-05-22 18:50 UTC (History)
2 users (show)

Fixed In Version: ipa-2.2.0-1.el6
Doc Type: Enhancement
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:29:40 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Dmitri Pal 2012-01-18 21:01:29 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/1888

Using class of service it is possible to create a share configuration in the replicated tree to overlay each user with default nsSizeLimit and nsLookThrougLimit attributes.

This has the same effect of changing the database level local configuration in cn=config for all authenticated users, except it is shared by all servers and available in the replicated tree and easy to access by admins and the WebUI (if desired).

the idlistscanlimit cannot yet be changed this way though.
Comment 1 Rob Crittenden 2012-01-19 16:25:56 UTC 
Update limits
master: 9724251292e4c0797367fcc351a9f16f30c6aefe
ipa-2-1: 36c63ee8eb8ab4d12feb0402e2fa58ada8a211ef

Temporary fix
master: 9a4fd254ff69bc34c6d14b2255d49c3297380231
ipa-2-1: 411c303ae8a8eaa4076b36f641c363de98a97fcc
Comment 5 Martin Kosek 2012-04-20 11:01:53 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 6 Jenny Severance 2012-04-27 18:41:20 UTC 
verified ::

# ldapsearch -x -D "cn=Directory Manager" -w mypassword -b "cn=anonymous-limits,cn=etc,dc=testrelm,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=anonymous-limits,cn=etc,dc=testrelm,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# anonymous-limits, etc, testrelm.com
dn: cn=anonymous-limits,cn=etc,dc=testrelm,dc=com
objectClass: nsContainer
objectClass: top
cn: anonymous-limits

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


# ldapsearch -x -D "cn=Directory Manager" -w mypassword -b "cn=config,cn=ldbm database,cn=plugins,cn=config" | grep nsslapd-idlistscanlimit
nsslapd-idlistscanlimit: 100000

version ::
ipa-server-2.2.0-11.el6.x86_64
Comment 7 Jenny Severance 2012-04-27 18:50:59 UTC 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz782921 Add central configuration for size and look through limits
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Check for centralized look through limits configuration
:: [   PASS   ] :: nsslapd-idlistscanlimit as expected '100000'
:: [   LOG    ] :: Duration: 0s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz782921 Add central configuration for size and look through limits
Comment 9 errata-xmlrpc 2012-06-20 13:29:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.