[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Rob, From my log file: line 8764: 2018-02-13T14:48:08Z DEBUG Parsing update file '/usr/share/ipa/updates/10-config.update' 2018-02-13T14:48:08Z DEBUG Updating existing entry: cn=config file /usr/share/ipa/updates/10-config.update: ~lines 61-65 # Default SASL buffer size was too small and could lead for example to # migration errors # Can be removed when https://fedorahosted.org/389/ticket/47457 is fixed dn: cn=config only:nsslapd-sasl-max-buffer-size:2097152 ~ ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Alex M via FreeIPA-users wrote: > Martin, > > After some tests, i found that the value for the > nsslapd-sasl-max-buffer-size is reset to default (2097152) during > installation. It is correct? > > ipa-server-install -d --dirsrv-config-file=update.ldif > > update.ldif > > dn: cn=config > changetype: modify > replace: nsslapd-maxsasliosize > nsslapd-maxsasliosize: 10485760 > - > replace: nsslapd-sasl-max-buffer-size > nsslapd-sasl-max-buffer-size: 10485760 > > or > > dn: cn=config > changetype: modify > replace: nsslapd-maxsasliosize > nsslapd-maxsasliosize: 10485760 > dn: cn=config > changetype: modify > replace: nsslapd-sasl-max-buffer-size > nsslapd-sasl-max-buffer-size: 10485760 > > I've tried both. > > Log files: > > From ipaserver-install.log (Centos 7.4) > ~ > 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-12T16:52:38Z DEBUG10485760 > ~ > 2018-02-12T16:52:38Z DEBUG only: set nsslapd-sasl-max-buffer-size to > '2097152', current value [u'10485760'] > 2018-02-12T16:52:38Z DEBUG only: updated value [u'2097152'] > 2018-02-12T16:52:38Z DEBUG - > 2018-02-12T16:52:38Z DEBUG Final value after applying updates > ~ > 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-12T16:52:38Z DEBUG2097152 > ~ > 2018-02-12T16:52:38Z DEBUG [(2, u'nsslapd-sasl-max-buffer-size', > [u'2097152'])] > 2018-02-12T16:52:38Z DEBUG Updated 1 > 2018-02-12T16:52:38Z DEBUG Done > 2018-02-12T16:52:38Z DEBUG Updating existing entry: cn=config > ~ > 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-12T16:52:38Z DEBUG2097152 > > The same for the Fedora 27 ipaserver-nstall.log: > ~ > 2018-02-13T10:45:57Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-13T10:45:57Z DEBUG10485760 > ~ > 2018-02-13T10:45:57Z DEBUG(targetattr != aci)(version 3.0; aci "cert > manager read access"; allow (read, search, compare) userdn = > "ldap:///uid=pkidbuser,ou=people,o=ipaca;;) > 2018-02-13T10:45:57Z DEBUG only: set nsslapd-sasl-max-buffer-size to > '2097152', current value ['10485760'] > 2018-02-13T10:45:57Z DEBUG only: updated value ['2097152'] > ~ > 2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-13T10:45:58Z DEBUG2097152 > ~ > 2018-02-13T10:45:58Z DEBUG(targetattr != aci)(version 3.0; aci "cert > manager read access"; allow (read, search, compare) userdn = > "ldap:///uid=pkidbuser,ou=people,o=ipaca;;) > 2018-02-13T10:45:58Z DEBUG [(2, 'nsslapd-sasl-max-buffer-size', ['2097152'])] > 2018-02-13T10:45:58Z DEBUG Updated 1 > 2018-02-13T10:45:58Z DEBUG Done > 2018-02-13T10:45:58Z DEBUG Updating existing entry: cn=config > ~ > 2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size: > 2018-02-13T10:45:58Z DEBUG2097152 This shows that an LDAP update file in IPA is making the change but I can't seem to find that in the source tree. Can you provide more context to the logging? Look for "Parsing update file ''" in the lines before this. rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Martin, After some tests, i found that the value for the nsslapd-sasl-max-buffer-size is reset to default (2097152) during installation. It is correct? ipa-server-install -d --dirsrv-config-file=update.ldif update.ldif dn: cn=config changetype: modify replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 - replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 or dn: cn=config changetype: modify replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 dn: cn=config changetype: modify replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 I've tried both. Log files: From ipaserver-install.log (Centos 7.4) ~ 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-12T16:52:38Z DEBUG 10485760 ~ 2018-02-12T16:52:38Z DEBUG only: set nsslapd-sasl-max-buffer-size to '2097152', current value [u'10485760'] 2018-02-12T16:52:38Z DEBUG only: updated value [u'2097152'] 2018-02-12T16:52:38Z DEBUG - 2018-02-12T16:52:38Z DEBUG Final value after applying updates ~ 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-12T16:52:38Z DEBUG 2097152 ~ 2018-02-12T16:52:38Z DEBUG [(2, u'nsslapd-sasl-max-buffer-size', [u'2097152'])] 2018-02-12T16:52:38Z DEBUG Updated 1 2018-02-12T16:52:38Z DEBUG Done 2018-02-12T16:52:38Z DEBUG Updating existing entry: cn=config ~ 2018-02-12T16:52:38Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-12T16:52:38Z DEBUG 2097152 The same for the Fedora 27 ipaserver-nstall.log: ~ 2018-02-13T10:45:57Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-13T10:45:57Z DEBUG 10485760 ~ 2018-02-13T10:45:57Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca;;) 2018-02-13T10:45:57Z DEBUG only: set nsslapd-sasl-max-buffer-size to '2097152', current value ['10485760'] 2018-02-13T10:45:57Z DEBUG only: updated value ['2097152'] ~ 2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-13T10:45:58Z DEBUG 2097152 ~ 2018-02-13T10:45:58Z DEBUG (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca;;) 2018-02-13T10:45:58Z DEBUG [(2, 'nsslapd-sasl-max-buffer-size', ['2097152'])] 2018-02-13T10:45:58Z DEBUG Updated 1 2018-02-13T10:45:58Z DEBUG Done 2018-02-13T10:45:58Z DEBUG Updating existing entry: cn=config ~ 2018-02-13T10:45:58Z DEBUG nsslapd-sasl-max-buffer-size: 2018-02-13T10:45:58Z DEBUG 2097152 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
On 02/09/2018 10:50 AM, Alex M via FreeIPA-users wrote: Ludwig, thank you for reply! One more question, if the one of the ldap path differs, the structure of update.ldif file is something like this: yes, but depending on the version od DS you use, you may need to set nsslapd-cache-autosize: 0 in the "cn=config,cn=ldbm database,cn=plugins,cn=config" entry to be able to set the cache sizes # cat update.ldif dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 10 - replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 - replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-cachememsize nsslapd-cachememsize: 2147483648 - replace: nsslapd-dncachememsize nsslapd-dncachememsize: 268435456 Is it right? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Ludwig, thank you for reply! One more question, if the one of the ldap path differs, the structure of update.ldif file is something like this: # cat update.ldif dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 10 - replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 - replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-cachememsize nsslapd-cachememsize: 2147483648 - replace: nsslapd-dncachememsize nsslapd-dncachememsize: 268435456 Is it right? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
On 02/09/2018 10:23 AM, Alex M via FreeIPA-users wrote: Martin, thank you for the reply. Does it support multiple modification lines at the same time? yes, but you need to separate the mods, like: dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 10 - replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 - replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 E.g. # cat update.ldif dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 10 replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Martin, thank you for the reply. Does it support multiple modification lines at the same time? E.g. # cat update.ldif dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 10 replace: nsslapd-maxsasliosize nsslapd-maxsasliosize: 10485760 replace: nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 10485760 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example
Hello, it is standard ldapmodify syntax https://pagure.io/freeipa/issue/4949#comment-324531 On 09.02.2018 09:36, Alex M via FreeIPA-users wrote: > Hello! > > I'm sorry for a dumb question, but i cant find documentation on ldif file > syntax, that can be used for unattended installation (with ldapmodify) like > ipa-server-install --dirsrv-config-file someparams.ldif. > Can someone point me to this doc or share the example of this file? > > Thanks > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org signature.asc Description: OpenPGP digital signature ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org