Dmitri Pal wrote: > On 03/30/2015 10:15 AM, Janelle wrote: >> For LDAP-only clients, I see an issue with performance on the dirsrv >> backends, and much of it has to do with 2 things: >> >> 1. Anonymous binds (1000's because of 7000+ hosts) >> 2. unindexed searches <-- perhaps the biggest problem and working on >> troubleshooting that and figuring out how to fix it. > > For that amount of clients we recommend 2-3 replicas. > > There is documentation on how to create indexes. > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Indexes-Creating_Indexes.html#Creating_Indexes-Creating_Indexes_from_the_Command_Line > > > I am not a DS guru but AFAIU they need to be created on each replica.
Correct. > > You need to check what searches are taking long time and then match the > attributes that you are looking for with the list of the indexed > attributes. The link about will give you the location where the indexes > are stored. logconv.pl will help find unindexed searches. rob > >> >> Thank you >> ~J >> >> On 3/29/15 8:38 PM, Dmitri Pal wrote: >>> On 03/27/2015 08:22 PM, Janelle wrote: >>>> Hello, >>>> >>>> Just wondering if there is an easy way to increase anonymous binds >>>> on the back end for non Kerberos clients? >>>> I have seen some mention of it, and that IPA has limits, can't can't >>>> find a lot of detail? >>>> >>>> Thank you >>>> ~J >>>> >>> I am not sure I understand what you are asking. >>> What do you mean by "increase anonymous binds" ? >>> Increase timeout? Or you want to allow anonymous binds? >>> >> > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
