diff --git a/roles/ipa/server/files/replica-install.ldif b/roles/ipa/server/files/replica-install.ldif
new file mode 100644
index 0000000000..27dc8ad26d
--- /dev/null
+++ b/roles/ipa/server/files/replica-install.ldif
@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-maxsasliosize
+nsslapd-maxsasliosize: 3145728
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 3129bec563..bd8385a3ed 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -86,6 +86,30 @@
 - config
 when: ipa_initial
 
+- name: Create LDIF directory
+ file:
+ path: /root/ldif
+ state: directory
+ owner: root
+ group: root
+ mode: 0750
+ tags:
+ - ipa/server
+ - config
+
+- name: Copy LDIF files
+ copy:
+ src: "{{item}}"
+ dest: /root/ldif/{{item}}
+ with_items:
+ - grant_anonymous_replication_view.ldif
+ - grant_fas_sync.ldif
+ - use_id_fp_o.ldif
+ - replica-install.ldif
+ tags:
+ - ipa/server
+ - config
+
 - name: determine whether we need to set up replication
 stat: path=/etc/ipa/default.conf
 register: replication_status
@@ -138,6 +162,7 @@
 --forwarder=10.3.163.34
 --skip-conncheck
 --log-file=/var/log/ipainstall.log
+ --dirsrv-config-file=/root/ldif/replica-install.ldif
 /root/ipa_replica_{{inventory_hostname}}.gpg
 creates=/etc/ipa/default.conf
 when: ansible_distribution_major_version|int < 8
@@ -158,6 +183,7 @@
 --log-file=/var/log/ipainstall.log
 --domain={{ipa_realm}}
 --server=ipa01{{ env_suffix }}.iad2.fedoraproject.org
+ --dirsrv-config-file=/root/ldif/replica-install.ldif
 creates=/etc/ipa/default.conf
 when: ansible_distribution_major_version|int >= 8
 when: not ipa_initial and not replication_status.stat.exists
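Review bot: The new LDIF raises nsslapd-maxsasliosize on cn=config without saying why, and since LDIF accepts `#` comment lines a one-line header would spare the next maintainer a trip through the history; something along the lines of `# Raise the SASL I/O size limit from the server default to 3145728 bytes (3 MiB) — needed for <operation that exceeded the default, to be filled in>` would do, with the placeholder replaced by the actual trigger, which this diff does not show. It is also worth recording in that comment that the file is consumed by ipa-replica-install via --dirsrv-config-file at install time only, so readers do not expect it to be re-applied on later runs.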
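Review bot: In the "Create LDIF directory" task the mode is written as the bare scalar `mode: 0750`, which a YAML 1.1 loader reads as the octal integer 488; Ansible's file module happens to accept that, but ansible-lint flags it as risky-octal and the rest of the role would be safer with the string form `mode: "0750"`. The "Copy LDIF files" task that follows sets no ownership or mode at all, so the copied files — including replica-install.ldif, which is fed straight into the replica installer — end up with whatever the remote umask yields; making it explicit with `owner: root`, `group: root` and `mode: "0640"` keeps them consistent with the directory above them. The `with_items` form matches the rest of the file, so I would leave that as is.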
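Review bot: The added `--dirsrv-config-file=/root/ldif/replica-install.ldif` argument (this hunk and the `>= 8` branch in the next one) only reaches replicas installed after this change, because both command tasks are still guarded by `creates=/etc/ipa/default.conf` and therefore never re-run on a host that already has a default.conf. cn=config is per-instance and not replicated, so an already-installed replica keeps the default nsslapd-maxsasliosize unless the same LDIF is applied to it separately. If existing replicas need the larger limit as well, a follow-up task using the per-master pattern already present further down the file, `ldapmodify -Y EXTERNAL -H {{ ipa_ldap_socket }} -f /root/ldif/replica-install.ldif`, would cover them; with `replace:` that is safe to run repeatedly, though it will report changed on every run unless guarded. The enclosing command task starts above this hunk, so I could not check which tags it carries relative to the new copy task it now depends on.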
@@ -608,22 +634,6 @@
 - config
-- name: Create LDIF directory
- file: path=/root/ldif state=directory owner=root group=root mode=0750
- tags:
- - ipa/server
- - config
-
-- name: Copy LDIF files
- copy: src={{item}} dest=/root/ldif/{{item}}
- with_items:
- - grant_anonymous_replication_view.ldif
- - grant_fas_sync.ldif
- - use_id_fp_o.ldif
- tags:
- - ipa/server
- - config
-
 # This is a special one, in that it needs to apply on each master since it's non-replicated.
 - name: Grant access to replication status
 command: ldapmodify -Y EXTERNAL -H {{ ipa_ldap_socket }}