Alex M via FreeIPA-users wrote:
Martin,
After some tests, i found that the value for the nsslapd-sasl-max-buffer-size is reset
to default (2097152) during installation. It is correct?
ipa-server-install -d --dirsrv-config-file=update.ldif
update.ldif
dn: cn=config
changetype: modify
replace: nsslapd-maxsasliosize
nsslapd-maxsasliosize: 10485760
-
replace: nsslapd-sasl-max-buffer-size
nsslapd-sasl-max-buffer-size: 10485760
or
dn: cn=config
changetype: modify
replace: nsslapd-maxsasliosize
nsslapd-maxsasliosize: 10485760
dn: cn=config
changetype: modify
replace: nsslapd-sasl-max-buffer-size
nsslapd-sasl-max-buffer-size: 10485760
I've tried both.
Log files:
From ipaserver-install.log (Centos 7.4)
~
2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-12T16:52:38Z DEBUG 10485760
~
2018-02-12T16:52:38Z DEBUG only: set nsslapd-sasl-max-buffer-size to '2097152',
current value [u'10485760']
2018-02-12T16:52:38Z DEBUG only: updated value [u'2097152']
2018-02-12T16:52:38Z DEBUG ---------------------------------------------
2018-02-12T16:52:38Z DEBUG Final value after applying updates
~
2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-12T16:52:38Z DEBUG 2097152
~
2018-02-12T16:52:38Z DEBUG [(2, u'nsslapd-sasl-max-buffer-size',
[u'2097152'])]
2018-02-12T16:52:38Z DEBUG Updated 1
2018-02-12T16:52:38Z DEBUG Done
2018-02-12T16:52:38Z DEBUG Updating existing entry: cn=config
~
2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-12T16:52:38Z DEBUG 2097152
The same for the Fedora 27 ipaserver-nstall.log:
~
2018-02-13T10:45:57Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-13T10:45:57Z DEBUG 10485760
~
2018-02-13T10:45:57Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read
access"; allow (read, search, compare) userdn =
"ldap:///uid=pkidbuser,ou=people,o=ipaca";)
2018-02-13T10:45:57Z DEBUG only: set nsslapd-sasl-max-buffer-size to '2097152',
current value ['10485760']
2018-02-13T10:45:57Z DEBUG only: updated value ['2097152']
~
2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-13T10:45:58Z DEBUG 2097152
~
2018-02-13T10:45:58Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read
access"; allow (read, search, compare) userdn =
"ldap:///uid=pkidbuser,ou=people,o=ipaca";)
2018-02-13T10:45:58Z DEBUG [(2, 'nsslapd-sasl-max-buffer-size',
['2097152'])]
2018-02-13T10:45:58Z DEBUG Updated 1
2018-02-13T10:45:58Z DEBUG Done
2018-02-13T10:45:58Z DEBUG Updating existing entry: cn=config
~
2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size:
2018-02-13T10:45:58Z DEBUG 2097152
This shows that an LDAP update file in IPA is making the change but I
can't seem to find that in the source tree.
Can you provide more context to the logging? Look for "Parsing update
file '<foo>'" in the lines before this.
rob