Thursday, September 2, 2021

[389-users] Re: changing nsslapd-sizelimit in cn=config

Mark Reynolds wrote:
>
> On 9/2/21 3:04 PM, Rob Crittenden wrote:
>> In IPA I'm trying to set the value of nsslapd-sizelimit in cn=config
>> online using our LDAP tool. It is failing with LDAP error 16. What I'm
>> seeing is:
>>
>> ipapython.ipaldap: DEBUG: update_entry modlist [(1, 'nsslapd-sizelimit',
>> [b'2000']), (0, 'nsslapd-sizelimit', [b'100000'])]
>> ldap.NO_SUCH_ATTRIBUTE: {'msgtype': 103, 'msgid': 16, 'result': 16,
>> 'desc': 'No such attribute', 'ctrls': []
>>
>> Basically I'm trying to delete the original value and adding a new one.
>
> So you are doing two mods?  MOD_DELETE and MOD_ADD?   Yeah that won't
> work, needs to be MOD_REPLACE
>
> cn=config does behave differently with attributes in the top cn=config
> entry.  It's been this way for years, so I'm surprised to see an issue
> being raised about it now.  But, basically we stopped filling in the
> cn=config entry in dse.ldif with all these config attributes and instead
> made them all "invisible defaults". So if the attribute is not changed
> after install then trying to delete that attribute will fail.

I see it now. If IPA can't determine that an attribute is single-value
then it does a DELETE/ADD instead of a REPLACE. nsslapd-sizelimit isn't
in schema yet so it is assumed to be multi-valued.

I can add an exception in IPA.

thanks

rob

>
> Mark
>
>>
>> It seems like cn=config is being treated differently.
>>
>> rob
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment