Hi, We recently attempted to move our OpenLDAP master from a Scientific Linux 6 machine to SL7. On upgrading, we found that some large ldapmodify ldifs using sasl/gssapi were failing with an error like: slapd[26949]: encoded packet size too big (83200 > 65536) (the larger packet size would always be the same for the same ldif). Some version information: Scientific Linux 7.2 cyrus-sasl-2.1.26-20 openldap-2.4.44 (our own build) We can make this problem go away by setting, for example, the following in slapd.conf: sasl-secprops maxbufsize=262144 The default, according to slapd.conf(5) is 65536, corresponding to the number in the error message above. However, it doesn't seem like we should be needing to modify this buffer size on the server side. The client side default is also 65536, according to ldap.conf(5), so something seems to be going awry. Looking back through the archives of this list, I find a similar report from last year (although this particular report involves cyrus murder and mail delivery, the problem appears to be the same): https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2016-March/002879.html This report links to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=1205878 Interestingly, the one-line patch in that bug does indeed fix our problem, althought I note there is some disquiet in pushing this patch, so it appears that this issue remains unresolved. Toby Blake, School of Informatics University of Edinburgh -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
