[389-users] Re: BER Size
On Wed, 2017-12-06 at 10:53 -0600, Sergei Gerasenko wrote: > 389-ds-base-1.3.5.10-21.el7_3.x86_64. I do see errors like: > > connection - conn=1414256 fd=745 Incoming BER Element was too long, > max allowable is 2097152 bytes. Change the nsslapd-maxbersize > attribute in cn=config to increase. Master to Master traffic should ignore the maxbersize. I can't remember the ticket number, but I know we test for this. It's so that if one master has a maxber of X that's greater than the other masters, we can still replicate. So my advice - Sometimes we see this error when you use ldaps:// to a plaintext port IE ldaps://hostname:389. Is this possibly the issue you have replication set to SSL to a plaintext port? 1.3.7 has a better warning about this condition (we actually say "TLS on a plain port when it happens). > > > > On Dec 6, 2017, at 10:47 AM, Viktor Ashirov> > wrote: > > > > Hi, > > On Wed, Dec 06 2017 at 10:34:05 -0600, Sergei Gerasenko > ail.com> wrote: > > > Hi, > > > > > > I just discovered that I have a mismatch of BER sizes (nsslapd- > > > maxbersize) between some of my masters. On the masters that we > > > consider the authorative ones, the BER size is (cough, cough) > > > 209M while in the rest of the environment is the default 2M. I do > > > see occasional errors on the 2M masters complaining and > > > suggesting to increase the BER size. A couple of questions: > > > > > > 1. If the BER size of the supplier exceeds that of the consumer, > > > will it be automatically split into smaller chunks or will the > > > update just fail without any retries? > > > 2. Should I match the BER size accross the environment? I think > > > it’s obvious, but still asking just in case. > > > > What version of 389-ds-base do you have? BER size should be ignored > > [1] > > in replication in versions >=389-ds-base-1.3.5.2-1.el7 > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1223510 > > > > > > Thanks! > > > Sergei > > > ___ > > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > > To unsubscribe send an email to 389-users-leave@lists.fedoraproje > > > ct.org > > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: BER Size
On Wed, Dec 06 2017 at 10:53:49 -0600, Sergei Gerasenkowrote: > 389-ds-base-1.3.5.10-21.el7_3.x86_64. I do see errors like: > > connection - conn=1414256 fd=745 Incoming BER Element was too long, max > allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in > cn=config to increase. Is this connection coming from the other master? Or some client connection? > > >> On Dec 6, 2017, at 10:47 AM, Viktor Ashirov wrote: >> >> Hi, >> On Wed, Dec 06 2017 at 10:34:05 -0600, Sergei Gerasenko >> wrote: >>> Hi, >>> >>> I just discovered that I have a mismatch of BER sizes (nsslapd-maxbersize) >>> between some of my masters. On the masters that we consider the authorative >>> ones, the BER size is (cough, cough) 209M while in the rest of the >>> environment is the default 2M. I do see occasional errors on the 2M masters >>> complaining and suggesting to increase the BER size. A couple of questions: >>> >>> 1. If the BER size of the supplier exceeds that of the consumer, will it be >>> automatically split into smaller chunks or will the update just fail >>> without any retries? >>> 2. Should I match the BER size accross the environment? I think it’s >>> obvious, but still asking just in case. >> What version of 389-ds-base do you have? BER size should be ignored [1] >> in replication in versions >=389-ds-base-1.3.5.2-1.el7 >> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1223510 >>> >>> Thanks! >>> Sergei >>> ___ >>> 389-users mailing list -- 389-users@lists.fedoraproject.org >>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org signature.asc Description: PGP signature ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: BER Size
389-ds-base-1.3.5.10-21.el7_3.x86_64. I do see errors like: connection - conn=1414256 fd=745 Incoming BER Element was too long, max allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in cn=config to increase. > On Dec 6, 2017, at 10:47 AM, Viktor Ashirovwrote: > > Hi, > On Wed, Dec 06 2017 at 10:34:05 -0600, Sergei Gerasenko > wrote: >> Hi, >> >> I just discovered that I have a mismatch of BER sizes (nsslapd-maxbersize) >> between some of my masters. On the masters that we consider the authorative >> ones, the BER size is (cough, cough) 209M while in the rest of the >> environment is the default 2M. I do see occasional errors on the 2M masters >> complaining and suggesting to increase the BER size. A couple of questions: >> >> 1. If the BER size of the supplier exceeds that of the consumer, will it be >> automatically split into smaller chunks or will the update just fail without >> any retries? >> 2. Should I match the BER size accross the environment? I think it’s >> obvious, but still asking just in case. > What version of 389-ds-base do you have? BER size should be ignored [1] > in replication in versions >=389-ds-base-1.3.5.2-1.el7 > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1223510 >> >> Thanks! >> Sergei >> ___ >> 389-users mailing list -- 389-users@lists.fedoraproject.org >> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: BER Size
Hi, On Wed, Dec 06 2017 at 10:34:05 -0600, Sergei Gerasenkowrote: > Hi, > > I just discovered that I have a mismatch of BER sizes (nsslapd-maxbersize) > between some of my masters. On the masters that we consider the authorative > ones, the BER size is (cough, cough) 209M while in the rest of the > environment is the default 2M. I do see occasional errors on the 2M masters > complaining and suggesting to increase the BER size. A couple of questions: > > 1. If the BER size of the supplier exceeds that of the consumer, will it be > automatically split into smaller chunks or will the update just fail without > any retries? > 2. Should I match the BER size accross the environment? I think it’s obvious, > but still asking just in case. What version of 389-ds-base do you have? BER size should be ignored [1] in replication in versions >=389-ds-base-1.3.5.2-1.el7 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1223510 > > Thanks! >Sergei > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org signature.asc Description: PGP signature ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org