With large deployments, default value of nsslapd-db-locks:10 000 might not be enough and results in ipa replica install failures.
This value has to be set when 389 is stopped, ideally right after instance creation.
possibly related: #1930
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1196958 (Red Hat Enterprise Linux 7)
This ticket is not critical for 4.2 GA and can be done in follow-up stabilization release - postponing.
Very related (almost duplicate): #4048.
We agreed that the fix for this should be more general. ipa-replica-install should accept LDIF applied to (switched off) Directory Server's dse.ldif so that this ticket and ticket like #4048 is covered.
Stretch for 4.3.
master:
How to use:
# cat update.ldif dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-db-locks nsslapd-db-locks: 100000 # ipa-{server,replica}-install --dirsrv-config-file=update.ldif
Metadata Update from @pvoborni: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.3
Login to comment on this ticket.