On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
> On 17-07-18 11:48, Alexander Bokovoy wrote:
>> On ti, 17 heinä 2018, Kees Bakker wrote:
>>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>>> automatically this for you when an update file is provided. In
>>>> addition,
>>>> you have some substitution variables available too. These aren't
>>>> needed
>>>> for this specific case but it would be useful in other cases.
>>>>
>>>> See
>>>>
https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>>>
>>>> for details and read ipa-ldap-updater manual page.
>>>>
>>>
>>> Just to be sure, before I execute it. This will be my update file
>>> for ipa-ldap-updater.
>>> (The syntax wasn't fully clear from the man page.)
>>>
>>> # Change value nsslapd-cachememsize
>>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>>> replace:nsslapd-cachememsize:2097152::33554432
>>>
>>> Right?
>> Yes, that's how it should be. You've got it right.
>>
>
> Hmm. I'm getting an error
>
> 2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed,
> exception: ObjectclassViolation: cannot add a value to single valued
> attribute nsslapd-cachememsize.
>
> More details from the log:
>
> 2018-07-17T09:55:10Z DEBUG Updating existing entry:
> cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG ---------------------------------------------
> 2018-07-17T09:55:10Z DEBUG Initial value
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm
> database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG top
> 2018-07-17T09:55:10Z DEBUG extensibleObject
> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG 10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG 2097152
> 2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
> 2018-07-17T09:55:10Z DEBUG ---------------------------------------------
> 2018-07-17T09:55:10Z DEBUG Final value after applying updates
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm
> database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG top
> 2018-07-17T09:55:10Z DEBUG extensibleObject
> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG 10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG 33554432
> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize',
> ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
Somehow it considered adding instead of replacing.
Could you please file a ticket with all these details?
Mean while you can obviously use ldapmodify directly. I just wonder
what's wrong with replace...
not sure about the syntax of ldap updater, but
could it be that
replace:nsslapd-cachememsize:2097152::33554432
is interpreted as replacing by two values and the result is the attempt
to ADD the new value ? for replace you do not need to provide the
existing value.
> 2018-07-17T09:55:10Z DEBUG Updated 1
> 2018-07-17T09:55:10Z DEBUG Destroyed connection
> context.ldap2_139925522412176
> 2018-07-17T09:55:10Z DEBUG File
> "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171,
> in execute
> return_value = self.run()
> File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py",
> line 147, in run
> modified = ld.update(self.files) or modified
> File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
> line 918, in update
> self._run_updates(all_updates)
> File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
> line 892, in _run_updates
> self._update_record(update)
> File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
> line 811, in _update_record
> self.conn.update_entry(entry)
> File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line
> 1497, in update_entry
> self.conn.modify_s(str(entry.dn), modlist)
> File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line
> 975, in error_handler
> raise errors.ObjectclassViolation(info=info)
>
--
Red Hat GmbH,
http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
Shander