<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/09/2015 08:26 AM, Chris Mohler
wrote:<br>
</div>
<blockquote cite="mid:54D8D19E.1080703@oberlin.edu" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 02/09/2015 09:48 AM, Rich
Megginson wrote:<br>
</div>
<blockquote cite="mid:54D8C8B5.2080102@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 02/08/2015 08:23 PM, Chris
Mohler wrote:<br>
</div>
<blockquote
cite="mid:CAOBT0Fkj+96YbQk=y2T0bxGE1Fd5Jtkrk55rh9qK0LTLRSAkoQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Thanks for the reply and the link Rich!<br>
<br>
</div>
<div>dbmon.sh is a handy tool indeed. <br>
</div>
<div><br>
</div>
I read the instructions and upped my entry cache size to
2gb because I have enough ram. <br>
</div>
Everything went well until <br>
<pre><code>service dirsrv restart
</code></pre>
<pre><code>I Got the following errors:
[06/Feb/2015:10:07:35 -0500] - slapd stopped.
[06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the SUBSTR matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[06/Feb/2015:10:07:37 -0500] - 389-Directory/<a moz-do-not-send="true" href="http://1.2.11.15">1.2.11.15</a> B2014.314.1342 starting up
[06/Feb/2015:10:07:37 -0500] - slapd started. Listening on All Interfaces port 7389 for LDAP requests
[06/Feb/2015:10:07:37 -0500] - Listening on All Interfaces port 7390 for LDAPS requests
</code></pre>
<pre><code>Oddly enough everything appears to be working. Are these messages safe to ignore?
</code></pre>
</div>
</blockquote>
<br>
This is definitely not related to the cache size.<br>
<br>
<code>Not sure what the problem is - looks like something has
done an override of the standard schema definition of dc. <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://tools.ietf.org/html/rfc4519">http://tools.ietf.org/html/rfc4519</a>
defines it with syntax 1.3.6.1.4.1.1466.115.121.1.26.<br>
<br>
rpm -q 389-ds-base<br>
<br>
find /etc/dirsrv -name \*.ldif -exec grep
0.9.2342.19200300.100.1.25 {} /dev/null \;<br>
<br>
<br>
</code>
<blockquote
cite="mid:CAOBT0Fkj+96YbQk=y2T0bxGE1Fd5Jtkrk55rh9qK0LTLRSAkoQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<pre><code>Another run of dbmon.sh shows that my entry cache was increased.
</code><code></code></pre>
<pre><code>Thanks,
</code></pre>
<pre><code>-Chris
</code></pre>
<pre><code>
</code></pre>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sun, Feb 8, 2015 at 5:58 PM,
Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 02/07/2015 11:25 AM, Chris Mohler wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<pre>Hi Everyone. I'm trying to troubleshoot some issues I'm having. I want to increase the entry cache size
</pre>
<pre>I'm trying to follow the directions here
</pre>
<pre>/usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w secret -p 389
dn: cn=<em><code>database_name</code></em>, cn=ldbm database, cn=plugins, cn=config
changetype: modify
replace: nsslapd-cachememsize
nsslapd-cachememsize: 20971520
</pre>
<pre>Is this the correct way to do this? How do I find out what the "
cn=<em><code>database_name" is supposed to be?
</code></em></pre>
</div>
</blockquote>
<br>
</div>
</div>
<code><em>see </em></code><a moz-do-not-send="true"
href="https://github.com/richm/scripts/wiki/dbmon.sh"
target="_blank">https://github.com/richm/scripts/wiki/dbmon.sh</a>
- the script will tell you what the names of your
databases are.<br>
<blockquote type="cite">
<div dir="ltr">
<pre><em><code>
</code></em></pre>
<pre><em><code>Thanks,
</code></em></pre>
<pre><em><code>-Chris
</code></em></pre>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Thanks again Rich,<br>
I have been having an abundance of issues with my FreeIPA server
lately. I'm not surprised that error is not related. I was not
sure as It has not surfaced in my logs before I changed the entry
cache size. Possibly this will be the clue to get me on the road
to recovery.<br>
<blockquote type="cite"><code>Not sure what the problem is - looks
like something has done an override of the standard schema
definition of dc. <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://tools.ietf.org/html/rfc4519">http://tools.ietf.org/html/rfc4519</a>
defines it with syntax 1.3.6.1.4.1.1466.115.121.1.26.</code></blockquote>
I migrated from OpenLdap about a year ago. So my install is a
migration. I also recently tried to add a replica. Which prompted
me to update the schema on the master before it would replicate.<br>
</blockquote>
<br>
What exactly did you do? You should not have migrated the standard
schema from openldap. Did you have to override the definition of
'dc' for some reason?<br>
<br>
<blockquote cite="mid:54D8D19E.1080703@oberlin.edu" type="cite"> <br>
<blockquote type="cite"><code>rpm -q 389-ds-base</code></blockquote>
<code><font face="sans-serif">389-ds-base-1.2.11.15-48.el6_6.x86_64</font><br>
<br>
</code>
<blockquote type="cite"><code>find /etc/dirsrv -name \*.ldif -exec
grep 0.9.2342.19200300.100.1.25 {} /dev/null \;</code><br>
</blockquote>
<code><br>
</code>/etc/dirsrv/slapd-PKI-IPA/schema.bak/00core.ldif:attributeTypes:
( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )<br>
/etc/dirsrv/slapd-PKI-IPA/schema/00core.ldif:attributeTypes: (
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )<br>
/etc/dirsrv/slapd-PKI-IPA/schema/05rfc2247.ldif:attributeTypes: (
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC
'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE X-ORIGIN 'RFC 2247' )<br>
</blockquote>
<br>
This definition is wrong. Both RFC 2247 and RFC 4519 define 'dc' as
syntax 1.3.6.1.4.1.1466.115.121.1.26 - that is, 7-bit ASCII only.
Do you have some application that requires 8-bit or unicode
characters (syntax 1.3.6.1.4.1.1466.115.121.1.15) in domain
component names? If it is absolutely required that dc accepts
unicode, then you'll have to change the matching rules as well, to
be unicode compatible: EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch - that is, just get rid of the IA5.<br>
<br>
<br>
<blockquote cite="mid:54D8D19E.1080703@oberlin.edu" type="cite">
/etc/dirsrv/schema/00core.ldif:attributeTypes: (
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )<br>
/etc/dirsrv/slapd-CS-OBERLIN-EDU/schema.bak/00core.ldif:attributeTypes:
( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )<br>
/etc/dirsrv/slapd-CS-OBERLIN-EDU/schema/00core.ldif:attributeTypes:
( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )<br>
<br>
Thanks again,<br>
-Chris<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>