<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 09/09/2013 11:40 AM, Charlie Derwent
      wrote:<br>
    </div>
    <blockquote
cite="mid:CA+W6xetA4EXVj69_JhjZU_1wn4ratPbyTqD1-4jPpggHfN7LOg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On Mon, Sep 9, 2013 at 5:32 PM, Rich
            Megginson <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
              <div text="#000000" bgcolor="#FFFFFF">
                <div class="im">
                  <div>On 09/09/2013 10:20 AM, Charlie Derwent wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>Hi,</div>
                      <div> </div>
                      <div>2 questions, some of our automation accounts
                        are needlessly querying the IPA server every
                        time they call a command via sudo. This is
                        generating a lot of noise in our access logs. Is
                        there any way to ensure certain system accounts
                        don't call out to the IPA server for additional
                        groups or sudo permission when completing tasks?</div>
                    </div>
                  </blockquote>
                  <br>
                </div>
                What are your client platforms?  Does sssd or newer
                versions of sudo cache?
                <div class="im"><br>
                </div>
              </div>
            </blockquote>
            <div>The clients are a mix of RHEL and CentOS 5.8 servers,
              what version am I looking for any kind of caching?</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    By default, on EL5, sudo has to connect/bind/search/close for every
    single sudo lookup.  I believe there are versions of sssd/sudo that
    do some sort of caching.  I'm not sure if those are available for
    EL5.<br>
    <br>
    <blockquote
cite="mid:CA+W6xetA4EXVj69_JhjZU_1wn4ratPbyTqD1-4jPpggHfN7LOg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
              <div text="#000000" bgcolor="#FFFFFF">
                <div class="im"> <br>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div> </div>
                      <div>The other question is slightly more
                        embarrassing, one of our guys saw /var filling
                        and noticed that
                        /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load
                        of "log" files which looked like they weren't
                        being tidied. </div>
                    </div>
                  </blockquote>
                  <br>
                </div>
                They are automatically cleaned up.  If you have a lot of
                updates, it may take longer.
                <div class="im"> </div>
              </div>
            </blockquote>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
              <div text="#000000" bgcolor="#FFFFFF">
                <div class="im"> <br>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>One stupid decision later and I'm now here
                        asking on his behalf if there is anyway of
                        restoring the database from a replica or is a
                        complete rebuild required?</div>
                    </div>
                  </blockquote>
                  <br>
                </div>
                Just reinit the replica using ipa-replica-manage.<br>
                <br>
              </div>
            </blockquote>
            <div>Thanks will give it a go tomorrow. </div>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
              <div text="#000000" bgcolor="#FFFFFF">
                <blockquote type="cite">
                  <div class="im">
                    <div dir="ltr">
                      <div> </div>
                      <div>Second question is obviously a little bit
                        more urgent than the first but any advice is
                        greatly appreciated.</div>
                      <div> </div>
                      <div>Thanks,</div>
                      <div>Charlie</div>
                      <div> </div>
                      <div> </div>
                      <div> </div>
                      <div> </div>
                      <div> </div>
                      <div> </div>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                  </div>
                  <pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
                </blockquote>
                <br>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>