On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
Directly editing the lse.ldif didn't work. ipactl start hangs on
pki-tomcatd. I think I've broken it. I seem to recall ldap not liking
being edited by hand.
You have to make sure dirsrv is not running before you edit dse.ldif.
Not sure if ipactl stop will wait until all services are not running.
cheers
L.
------
The most dangerous phrase in the language is, "We've always done it
this way."
- Grace Hopper
On 17 March 2017 at 19:45, Bob Hinton <[email protected]
<mailto:[email protected]>> wrote:
Hi Lachlan,
This is probably a complete hack, but the way I've changed
nsslapd-cachememsize in the past is -
On each ipa replica in turn -
1. ipactl stop
2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif - (where DOMAIN is
your server's domain/realm - not sure which) find and change
the value of nsslapd-cachememsize
3. ipactl start
This seemed to work in that it made the error messages go away and
it made heavily loaded servers more stable. However, I've not
tried this on a recent version of ipa so it may no longer work or
not be needed any more.
Regards
Bob
On 17/03/2017 02:20, Lachlan Musicman wrote:
While going through the logs on the FreeIPA server, I noticed this:
WARNING: changelog: entry cache size 2097152 B is less than db
size 12804096 B; We recommend to increase the entry cache size
nsslapd-cachememsize.
I have found a number of documents:
What it is:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html>
How to tune it:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html>
etc etc.
I have no idea of what the secret password is for the
"cn=directory manager" and can't find any information about where
I might find it or where or when it might have been set anywhere.
I have found a number of likely candidates, but none have worked.
I found this page:
https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
<https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password>
but I'd prefer to not change the password if possible.
cheers
L.
------
The most dangerous phrase in the language is, "We've always done
it this way."
- Grace Hopper
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
