Thursday, September 2, 2021

[389-users] Re: changing nsslapd-sizelimit in cn=config

On 9/2/21 4:44 PM, Rob Crittenden wrote:
> Mark Reynolds wrote:
>> On 9/2/21 3:04 PM, Rob Crittenden wrote:
>>> In IPA I'm trying to set the value of nsslapd-sizelimit in cn=config
>>> online using our LDAP tool. It is failing with LDAP error 16. What I'm
>>> seeing is:
>>>
>>> ipapython.ipaldap: DEBUG: update_entry modlist [(1, 'nsslapd-sizelimit',
>>> [b'2000']), (0, 'nsslapd-sizelimit', [b'100000'])]
>>> ldap.NO_SUCH_ATTRIBUTE: {'msgtype': 103, 'msgid': 16, 'result': 16,
>>> 'desc': 'No such attribute', 'ctrls': []
>>>
>>> Basically I'm trying to delete the original value and adding a new one.
>> So you are doing two mods?  MOD_DELETE and MOD_ADD?   Yeah that won't
>> work, needs to be MOD_REPLACE
>>
>> cn=config does behave differently with attributes in the top cn=config
>> entry.  It's been this way for years, so I'm surprised to see an issue
>> being raised about it now.  But, basically we stopped filling in the
>> cn=config entry in dse.ldif with all these config attributes and instead
>> made them all "invisible defaults". So if the attribute is not changed
>> after install then trying to delete that attribute will fail.
> I see it now. If IPA can't determine that an attribute is single-value
> then it does a DELETE/ADD instead of a REPLACE. nsslapd-sizelimit isn't
> in schema yet so it is assumed to be multi-valued.
>
> I can add an exception in IPA.
Well we want to add these core config attributes to the schema, but we
just haven't gotten around to it yet :-/
>
> thanks
>
> rob
>
>> Mark
>>
>>> It seems like cn=config is being treated differently.
>>>
>>> rob
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>>> Fedora Code of Conduct:
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>>
>>> Do not reply to spam on the list, report it:
>>> https://pagure.io/fedora-infrastructure

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)