Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot dynamically set nsslapd-maxbersize #542

Closed
389-ds-bot opened this issue Sep 12, 2020 · 6 comments
Closed

Cannot dynamically set nsslapd-maxbersize #542

389-ds-bot opened this issue Sep 12, 2020 · 6 comments
Labels
closed: fixed Migration flag - Issue
Milestone
1.3.0.2

Comments

@389-ds-bot
Copy link

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/542

This bug effects directory initializations when the membersize exceeds the default value. For example, a dogtag replica installation with a large CRL entry will fail due to the size exceeding 2097152 bytes.
@389-ds-bot 389-ds-bot added the closed: fixed Migration flag - Issue label Sep 12, 2020
@389-ds-bot 389-ds-bot added this to the 1.3.0.2 milestone Sep 12, 2020
@389-ds-bot
Copy link
Author

Comment from rmeggins (@richm) at 2012-12-20 00:10:24

The only place we tell the Sockbuf layer that we have a max size is here:

Connection_Table *
connection_table_new(int table_size)
...
		ber_len_t maxbersize = config_get_maxbersize();

this should be moved before the loop - no reason to do this inside the loop

		ber_sockbuf_ctrl( ct->c[i].c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize );

Will be tricky to do this dynamically and have it apply to all open connections. Would prefer to do it only for new connections:

handle_new_connection()
...
	ber_sockbuf_add_io( conn->c_sb, &openldap_sockbuf_io,
						LBER_SBIOD_LEVEL_PROVIDER, conn );
...
		ber_len_t maxbersize = config_get_maxbersize();
		ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &maxbersize );

@389-ds-bot
Copy link
Author

Comment from nhosoi (@nhosoi) at 2013-01-10 03:36:22

Fix description: Based on the proposal made by richm@redhat.com
in the ticket 542, this patch sets maxbersize every time before
reading the client input from the socket.

If the incoming ber size is larger than maxbersize, access log logs:
[..] conn=# op=-1 fd=64 closed error 34 (Numerical result out of range) - B2
And the error log logs:
[..] connection - conn=# fd=# Incoming BER Element was too long, max
allowable is # bytes. Change the nsslapd-maxbersize attribute in
cn=config to increase.

@389-ds-bot
Copy link
Author

Comment from nhosoi (@nhosoi) at 2013-01-10 03:37:12

git patch file (master)
0001-Ticket-542-Cannot-dynamically-set-nsslapd-maxbersize.patch

@389-ds-bot
Copy link
Author

Comment from nhosoi (@nhosoi) at 2013-01-11 00:52:04

Reviewed by Rich (Thank you!!)

Pushed to master: commit cce46be

Pushed to 389-ds-base-1.3.0: commit 5941a5b

@389-ds-bot
Copy link
Author

Comment from nkinder (@nkinder) at 2013-03-07 00:13:23

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=918689

@389-ds-bot
Copy link
Author

Comment from nhosoi (@nhosoi) at 2017-02-11 22:53:27

Metadata Update from @nhosoi:

  • Issue assigned to nhosoi
  • Issue set to the milestone: 1.3.0.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: fixed Migration flag - Issue
Projects
None yet
Milestone
1.3.0.2
Development

No branches or pull requests
1 participant
@389-ds-bot