Fix nsslapd-anonlimitsdn dn in cn=config

The dn value needs to be quoted otherwise it is interpreted to be a multi-value. This will replace whatever value is currently set. https://fedorahosted.org/freeipa/ticket/2452
2025-02-25 18:55:28 -06:00 · 2012-03-07 17:59:19 -05:00 · 2012-03-07 17:59:19 -05:00 · f5e5bf8f82
commit f5e5bf8f82
parent 0cb9882be9
2 changed files with 2 additions and 2 deletions
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@ -31,7 +31,7 @@ default:nsSizeLimit: 5000
 default:nsLookThroughLimit: 5000

 dn: cn=config
-add:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX
+only:nsslapd-anonlimitsdn:'cn=anonymous-limits,cn=etc,$SUFFIX'

 # Add a defaultNamingContext if one hasn't already been set. This was
 # introduced in 389-ds-base-1.2.10-0.9.a8. Adding this to a server that
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@ -540,7 +540,7 @@ class IPAdmin(IPAEntryLDAPObject):

        # Some attributes, like those in cn=config, need to be replaced
        # not deleted/added.
-        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit')
+        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn')
        modlist = []

        old_entry = ipautil.CIDict(old_entry)