On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
On 17-07-18 11:48, Alexander Bokovoy wrote:
On ti, 17 heinä 2018, Kees Bakker wrote:
To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In
addition,
you have some substitution variables available too. These aren't
needed
for this specific case but it would be useful in other cases.
See
https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
for details and read ipa-ldap-updater manual page.
Just to be sure, before I execute it. This will be my update file
for ipa-ldap-updater.
(The syntax wasn't fully clear from the man page.)
# Change value nsslapd-cachememsize
dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
replace:nsslapd-cachememsize:2097152::33554432
Right?
Yes, that's how it should be. You've got it right.
Hmm. I'm getting an error
2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed,
exception: ObjectclassViolation: cannot add a value to single valued
attribute nsslapd-cachememsize.
More details from the log:
2018-07-17T09:55:10Z DEBUG Updating existing entry:
cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG ---------------------------------------------
2018-07-17T09:55:10Z DEBUG Initial value
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm
database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG top
2018-07-17T09:55:10Z DEBUG extensibleObject
2018-07-17T09:55:10Z DEBUG nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG 10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG 2097152
2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
2018-07-17T09:55:10Z DEBUG ---------------------------------------------
2018-07-17T09:55:10Z DEBUG Final value after applying updates
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm
database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG top
2018-07-17T09:55:10Z DEBUG extensibleObject
2018-07-17T09:55:10Z DEBUG nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG 10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG 33554432
2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize',
['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
Somehow it considered adding instead of replacing.
Could you please file a ticket with all these details?
Mean while you can obviously use ldapmodify directly. I just wonder
what's wrong with replace...
not sure about the syntax of ldap updater, but could it be that
replace:nsslapd-cachememsize:2097152::33554432
is interpreted as replacing by two values and the result is the attempt
to ADD the new value ? for replace you do not need to provide the
existing value.
2018-07-17T09:55:10Z DEBUG Updated 1
2018-07-17T09:55:10Z DEBUG Destroyed connection
context.ldap2_139925522412176
2018-07-17T09:55:10Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py",
line 147, in run
modified = ld.update(self.files) or modified
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
line 918, in update
self._run_updates(all_updates)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
line 892, in _run_updates
self._update_record(update)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py",
line 811, in _update_record
self.conn.update_entry(entry)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line
1497, in update_entry
self.conn.modify_s(str(entry.dn), modlist)
File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line
975, in error_handler
raise errors.ObjectclassViolation(info=info)
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
Shander
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/AN62IIINHBBAJ5G2HVQ5PBQMQOANYLLQ/
