<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On 09/09/2013 02:26 PM, Rich Megginson wrote:
    <blockquote cite="mid:522E12BB.6030905@redhat.com" type="cite">
      <div class="moz-cite-prefix">On 09/09/2013 11:40 AM, Charlie
        Derwent wrote:<br>
      </div>
      <blockquote
cite="mid:CA+W6xetA4EXVj69_JhjZU_1wn4ratPbyTqD1-4jPpggHfN7LOg@mail.gmail.com"
        type="cite">
        <div dir="ltr">
          <div class="gmail_extra"><br>
            <div class="gmail_quote">On Mon, Sep 9, 2013 at 5:32 PM,
              Rich Megginson <span dir="ltr">&lt;<a
                  moz-do-not-send="true"
                  href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>&gt;</span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                <div text="#000000" bgcolor="#FFFFFF">
                  <div class="im">
                    <div>On 09/09/2013 10:20 AM, Charlie Derwent wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div>Hi,</div>
                        <div> </div>
                        <div>2 questions, some of our
                          automation accounts are needlessly querying
                          the IPA server every time they call a command
                          via sudo. This is generating a lot of noise in
                          our access logs. Is there any way to ensure
                          certain system accounts don't call out to the
                          IPA server for additional groups or sudo
                          permission when completing tasks?</div>
                      </div>
                    </blockquote>
                    <br>
                  </div>
                  What are your client platforms?  Does sssd or newer
                  versions of sudo cache?
                  <div class="im"><br>
                  </div>
                </div>
              </blockquote>
              <div>The clients are a mix of RHEL and CentOS 5.8 servers.
                What version am I looking for to get any kind of caching?</div>
            </div>
          </div>
        </div>
      </blockquote>
      <br>
      By default, on EL5, sudo has to connect/bind/search/close for
      every single sudo lookup.  I believe there are versions of
      sssd/sudo that do some sort of caching.  I'm not sure if those are
      available for EL5.<br>
    </blockquote>
    <br>
    In RHEL 6.4, sudo can be integrated with SSSD, which would provide
    caching of the sudo rules on the client.<br>
    <br>
    <blockquote cite="mid:522E12BB.6030905@redhat.com" type="cite"> <br>
      <blockquote
cite="mid:CA+W6xetA4EXVj69_JhjZU_1wn4ratPbyTqD1-4jPpggHfN7LOg@mail.gmail.com"
        type="cite">
        <div dir="ltr">
          <div class="gmail_extra">
            <div class="gmail_quote">
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                <div text="#000000" bgcolor="#FFFFFF">
                  <div class="im"> <br>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div> </div>
                        <div>The other question is slightly more
                          embarrassing, one of our guys saw /var filling
                          and noticed that
                          /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a
                          load of "log" files which looked like they
                          weren't being tidied. </div>
                      </div>
                    </blockquote>
                    <br>
                  </div>
                  They are automatically cleaned up.  If you have a lot
                  of updates, it may take longer.
                  <div class="im"> </div>
                </div>
              </blockquote>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                <div text="#000000" bgcolor="#FFFFFF">
                  <div class="im"> <br>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div>One stupid decision later and I'm now here
                          asking on his behalf if there is any way of
                          restoring the database from a replica or is a
                          complete rebuild required?</div>
                      </div>
                    </blockquote>
                    <br>
                  </div>
                  Just reinit the replica using ipa-replica-manage.<br>
                  <br>
                </div>
              </blockquote>
              <div>Thanks, will give it a go tomorrow. </div>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                <div text="#000000" bgcolor="#FFFFFF">
                  <blockquote type="cite">
                    <div class="im">
                      <div dir="ltr">
                        <div> </div>
                        <div>Second question is obviously a little bit
                          more urgent than the first but any advice is
                          greatly appreciated.</div>
                        <div> </div>
                        <div>Thanks,</div>
                        <div>Charlie</div>
                      </div>
                    </div>
                    <pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
                  </blockquote>
                  <br>
                </div>
              </blockquote>
            </div>
            <br>
          </div>
        </div>
      </blockquote>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


</pre>
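    <p>Added example, not part of the original thread: a client-side
    configuration sketch for the SSSD sudo integration mentioned in the
    reply above, so that sudo rules are answered from the SSSD cache
    instead of a fresh LDAP connect/bind/search per invocation. Host
    names, the realm, the search base and the refresh values are
    constructed placeholders, not values from this thread.</p>

```ini
# ---- /etc/sssd/sssd.conf (RHEL 6.4 client; constructed example) ----
[sssd]
config_file_version = 2
# Enabling the "sudo" responder is what lets sudo ask SSSD for rules.
services = nss, pam, sudo
domains = example.com

[domain/example.com]
id_provider = ipa
auth_provider = ipa
ipa_server = ipa.example.com          # placeholder host name
ipa_domain = example.com              # placeholder domain

# Sudo rules are read from the IPA server's LDAP tree by the ldap provider.
sudo_provider = ldap
ldap_uri = ldap://ipa.example.com
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com

# Bind with the host's Kerberos keytab rather than a stored password.
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/client.example.com
ldap_sasl_realm = EXAMPLE.COM
krb5_server = ipa.example.com

# Illustrative cache tuning (seconds): how long cached rules are served
# before SSSD goes back to the server, and how often rules are refreshed
# in the background. The full refresh must be the longer of the two.
entry_cache_sudo_timeout = 5400
ldap_sudo_smart_refresh_interval = 900
ldap_sudo_full_refresh_interval = 21600

# ---- /etc/nsswitch.conf (one line, shown as a comment here) ----
# Local sudoers file first, then the SSSD cache; with this in place sudo
# no longer opens its own LDAP connection for each command:
#
#   sudoers: files sss
```

    <p>After restarting sssd, repeated sudo calls from the same account
    should stop producing a bind/search pair in the directory server
    access log for each command, which is the check to make against the
    log noise described in the original question.</p>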
  </body>
</html>