Re: [Freeipa-devel] [PATCH] 984 fix anonlimits dn
On Mon, 2012-03-12 at 17:58 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2012-03-07 at 18:02 -0500, Rob Crittenden wrote: The value of nsslapd-anonlimitsdn wasn't being set properly because it wasn't quoted. This will fix it, replacing whatever is there with a correct value. rob The IPA anonlimits DN is now set correctly. However anonlimits in cn=anonymous-limits,cn=etc,SUFFIX are still empty (nsSizeLimit and nsLookThroughLimit values defined in 10-config.update are not set). Martin These are operational attributes, did you have them in the attribute list of your query? $ ldapsearch -LLL -x -b cn=anonymous-limits,cn=etc,dc=example,dc=com nssizelimit nslookthroughlimit dn: cn=anonymous-limits,cn=etc,dc=example,dc=com nssizelimit: 5000 nslookthroughlimit: 5000 rob Ah, thanks for explanation. These are indeed operational attributes and need to be queried explicitly. Works for me, ACK. Pushed to master, ipa-2-2. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 984 fix anonlimits dn
Martin Kosek wrote: On Wed, 2012-03-07 at 18:02 -0500, Rob Crittenden wrote: The value of nsslapd-anonlimitsdn wasn't being set properly because it wasn't quoted. This will fix it, replacing whatever is there with a correct value. rob The IPA anonlimits DN is now set correctly. However anonlimits in cn=anonymous-limits,cn=etc,SUFFIX are still empty (nsSizeLimit and nsLookThroughLimit values defined in 10-config.update are not set). Martin These are operational attributes, did you have them in the attribute list of your query? $ ldapsearch -LLL -x -b cn=anonymous-limits,cn=etc,dc=example,dc=com nssizelimit nslookthroughlimit dn: cn=anonymous-limits,cn=etc,dc=example,dc=com nssizelimit: 5000 nslookthroughlimit: 5000 rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 984 fix anonlimits dn
On Wed, 2012-03-07 at 18:02 -0500, Rob Crittenden wrote: The value of nsslapd-anonlimitsdn wasn't being set properly because it wasn't quoted. This will fix it, replacing whatever is there with a correct value. rob The IPA anonlimits DN is now set correctly. However anonlimits in cn=anonymous-limits,cn=etc,SUFFIX are still empty (nsSizeLimit and nsLookThroughLimit values defined in 10-config.update are not set). Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel