#4949 configure nsslapd-db-locks in ds instace creation based on expected user count
Closed: Fixed None Opened 8 years ago by pvoborni.

With large deployments, default value of nsslapd-db-locks:10 000 might not be enough and results in ipa replica install failures.

This value has to be set when 389 is stopped, ideally right after instance creation.

This ticket is not critical for 4.2 GA and can be done in follow-up stabilization release - postponing.

Very related (almost duplicate): #4048.

We agreed that the fix for this should be more general. ipa-replica-install should accept LDIF applied to (switched off) Directory Server's dse.ldif so that this ticket and ticket like #4048 is covered.

Stretch for 4.3.


  • 63638ac Make offline LDIF modify more robust
  • 65c89cc Add method to read changes from LDIF
  • ae23432 Add option to specify LDIF file that contains DS configuration changes
  • 5233165 CI: installation with customized DS config

How to use:

# cat update.ldif
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-db-locks
nsslapd-db-locks: 100000

# ipa-{server,replica}-install --dirsrv-config-file=update.ldif


  • f4c8c93 Rename option --dirsrv-config-mods to --dirsrv-config-file

Metadata Update from @pvoborni:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3

6 years ago

Login to comment on this ticket.