encoded packet size too big when using openldap ldapmodify

Toby Blake toby at inf.ed.ac.uk
Tue Mar 21 06:57:03 EDT 2017


Hi,

We recently attempted to move our OpenLDAP master from a Scientific Linux
6 machine to SL7.  On upgrading, we found that some large ldapmodify
ldifs using sasl/gssapi were failing with an error like:

slapd[26949]: encoded packet size too big (83200 > 65536)

(the larger packet size would always be the same for the same ldif).


Some version information:

Scientific Linux 7.2
cyrus-sasl-2.1.26-20
openldap-2.4.44 (our own build)


We can make this problem go away by setting, for example, the following
in slapd.conf:

sasl-secprops maxbufsize=262144

The default, according to slapd.conf(5) is 65536, corresponding to the
number in the error message above.

However, it doesn't seem like we should be needing to modify this buffer
size on the server side.  The client side default is also 65536, according
to ldap.conf(5), so something seems to be going awry.


Looking back through the archives of this list, I find a similar report
from last year (although this particular report involves cyrus murder
and mail delivery, the problem appears to be the same):

https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2016-March/002879.html

This report links to the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1205878

Interestingly, the one-line patch in that bug does indeed fix our problem,
althought I note there is some disquiet in pushing this patch, so it
appears that this issue remains unresolved.


Toby Blake,
School of Informatics
University of Edinburgh


-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.



More information about the Cyrus-sasl mailing list