So my advice - Sometimes we see this error when you use ldaps:// to a
plaintext port IE ldaps://hostname:389. Is this possibly the issue you
have replication set to SSL to a plaintext port?
I think in that case the message is:
Connection - conn=167482 fd=121 Incoming BER Element was 3 bytes, max allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in cn=config to increase.
Note that it mentions the element size of 3 bytes. In the case in this thread however I don’t see a size mentioned:
ns-slapd[45565]: [02/Dec/2017:22:47:52.520338378 +0000] connection - conn=1229556 fd=588 Incoming BER Element was too long, max allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in cn=config to increase.
This makes me think it’s a different situation. I would imagine it shouldn’t have been logged if it was ignored? But it’s possible...
Thanks,
Sergei