This message is stored in the error log: [..] connection - conn=160 fd=64 Incoming BER Element was 3 bytes, max allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in cn=config to increase.
Additional comment:
whatever I set nsslapd-maxbersize to, I always get that log entry.
Comment by Rich:
I have seen similar issues when a client tries to do SSL to the clear text port e.g. the value of 3 is the TLS major version.
It seems if accidentally use TLS on the clear text port, ber_get_next returns LBER_OVERFLOW or errno is set to ERANGE in ber_get_next. 1036 *tagp = ber_get_next( conn->c_sb, &bytes_scanned, ber );
The error message should be translated to a more appropriate one.
Note: observed in 1.3.5.x.
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.6 backlog
I guess we could attempt to detect this by comparing if the ber element size is less than the max allowable, and then log something like "perhaps TLS handshake on plaintext port?"?
Metadata Update from @firstyear: - Issue close_status updated to: None
Metadata Update from @mreynolds: - Issue set to the milestone: 1.3.7 backlog (was: 1.3.6 backlog)
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1445188
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2049
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.