The value of nsslapd-anonlimitsdn wasn't being set properly because it wasn't quoted. This will fix it, replacing whatever is there with a correct value.

rob
>From a20cb5be4922df78c3ad0ede74bfae5cc9d617a1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 7 Mar 2012 17:59:19 -0500
Subject: [PATCH] Fix nsslapd-anonlimitsdn dn in cn=config

The dn value needs to be quoted otherwise it is interpreted to be a
multi-value.

This will replace whatever value is currently set.

https://fedorahosted.org/freeipa/ticket/2452
---
 install/updates/10-config.update |    2 +-
 ipaserver/ipaldap.py             |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index 420e048805e86010f03b8b544e6cf9cd31069e53..97fbdef2d20d4bc444f0c94fbea6fb76e7e45603 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -31,7 +31,7 @@ default:nsSizeLimit: 5000
 default:nsLookThroughLimit: 5000
 
 dn: cn=config
-add:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX
+only:nsslapd-anonlimitsdn:'cn=anonymous-limits,cn=etc,$SUFFIX'
 
 # Add a defaultNamingContext if one hasn't already been set. This was
 # introduced in 389-ds-base-1.2.10-0.9.a8. Adding this to a server that
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index cf19beee051bd011d96136f98831f3378dbd932e..9a8d9e121cea661b34c37137d2c9c454e587ea7b 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -540,7 +540,7 @@ class IPAdmin(IPAEntryLDAPObject):
 
         # Some attributes, like those in cn=config, need to be replaced
         # not deleted/added.
-        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit')
+        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn')
         modlist = []
 
         old_entry = ipautil.CIDict(old_entry)
-- 
1.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to