diff --git a/roles/ipa/server/files/fix_sasl.ldif b/roles/ipa/server/files/fix_sasl.ldif
new file mode 100644
index 0000000000..b87be52781
--- /dev/null
+++ b/roles/ipa/server/files/fix_sasl.ldif
@@ -0,0 +1,9 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-maxsasliosize
+nsslapd-maxsasliosize: 50000000
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-sasl-max-buffer-size
+nsslapd-sasl-max-buffer-size: 50000000
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 48616335f2..cfd486b6ac 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -19,6 +19,12 @@
   - ipa/server
   - config
 
+- name: Copy LDIF file for working around annoying IPA bug in initial sync
+  copy: src=fix_sasl.ldif dest=/usr/share/ipa/fix_sasl.ldif
+  tags:
+  - ipa/server
+  - config
+
 - name: install IPA
   command: ipa-server-install
            --realm={{ipa_realm}}