I have a problem appearing where a large (16.6MB approx) value is to be saved to an attribute (certificateRevocationList). Prior to the value being this large, ldapmodify had no problems updating it. However it appears to have crossed some magic threshold where it will no longer be accepted, and aborts with: ldap_modify: Can't contact LDAP server (-1)
The ldapmodify operation is being performed on the ldap host machine using the ldap root user with simple password authentication. Openldap version is 2.4.30 using back-bdb with Linux OS (2.6.32 64 bit). There is no replication configured. It's a fairly simple setup.
I've seen a couple of similar threads alluding to the same problme, however without any solution. http://www.openldap.org/lists/openldap-software/200905/msg00062.html http://www.openldap.org/lists/openldap-technical/201501/msg00006.html
I'm curious to know where the limit is that is causing the sudden inability for ldapmodify to complete. Nothing was immediately apparent after a quick look through some of the source. Also, if the issue is a known one, was it addressed in a newer release?
I can run the same test on a machine with openldap-2.4.40 to see if it persists if that is of any help.
Thanks, Geoff
Geoff Swan wrote:
I have a problem appearing where a large (16.6MB approx) value is to be saved to an attribute (certificateRevocationList). Prior to the value being this large, ldapmodify had no problems updating it. However it appears to have crossed some magic threshold where it will no longer be accepted, and aborts with: ldap_modify: Can't contact LDAP server (-1)
See slapd.conf(5):
sockbuf_max_incoming <integer> Specify the maximum incoming LDAP PDU size for anonymous sessions. The default is 262143.
sockbuf_max_incoming_auth <integer> Specify the maximum incoming LDAP PDU size for authenticated sessions. The default is 4194303.
You probably want to increase sockbuf_max_incoming_auth to meet your needs.
Ciao, Michael.
Thanks Michael, that was quick and on the money. I missed that line in slapd.conf.
cheers, Geoff
On 15/12/2015 9:41 PM, Michael Ströder wrote:
Geoff Swan wrote:
I have a problem appearing where a large (16.6MB approx) value is to be saved to an attribute (certificateRevocationList). Prior to the value being this large, ldapmodify had no problems updating it. However it appears to have crossed some magic threshold where it will no longer be accepted, and aborts with: ldap_modify: Can't contact LDAP server (-1)
See slapd.conf(5):
sockbuf_max_incoming <integer> Specify the maximum incoming LDAP PDU size for anonymous sessions. The default is 262143. sockbuf_max_incoming_auth <integer> Specify the maximum incoming LDAP PDU size for authenticated sessions. The default is 4194303.You probably want to increase sockbuf_max_incoming_auth to meet your needs.
Ciao, Michael.
openldap-technical@openldap.org
-
Geoff Swan -
Michael Ströder