<div dir="ltr"><div><div>Directly editing the lse.ldif didn't work. ipactl start hangs on pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being edited by hand.<br><br></div>cheers<br></div>L.<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>------<br>The most dangerous phrase in the language is, "We've always done it this way."<br><br>- Grace Hopper<br></div></div></div></div>
<br><div class="gmail_quote">On 17 March 2017 at 19:45, Bob Hinton <span dir="ltr"><<a href="mailto:bob@rha-ltd.co.uk" target="_blank">bob@rha-ltd.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_-402975859477004656moz-cite-prefix">Hi Lachlan,<br>
<br>
This is probably a complete hack, but the way I've changed
nsslapd-cachememsize in the past is -<br>
<br>
On each ipa replica in turn -<br>
<ol>
<li>ipactl stop</li>
<li>vim /etc/dirsrv/slapd-DOMAIN/dse.<wbr>ldif - (where DOMAIN is
your server's domain/realm - not sure which) find and change
the value of nsslapd-cachememsize</li>
<li>ipactl start</li>
</ol>
<p>This seemed to work in that it made the error messages go away
and it made heavily loaded servers more stable. However, I've
not tried this on a recent version of ipa so it may no longer
work or not be needed any more.</p>
<p>Regards</p><span class="HOEnZb"><font color="#888888">
<p>Bob<br>
</p></font></span><div><div class="h5">
<br>
On 17/03/2017 02:20, Lachlan Musicman wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">While going through the logs on the FreeIPA server,
I noticed this:<br>
<br>
<br>
WARNING: changelog: entry cache size 2097152 B is less than db
size 12804096 B; We recommend to increase the entry cache size
nsslapd-cachememsize.<br>
<div><br>
<br>
</div>
<div>I have found a number of documents:<br>
<br>
</div>
<div>What it is: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/8.0/html/<wbr>Configuration_and_Command_<wbr>Reference/Configuration_<wbr>Command_File_Reference-<wbr>Database_Attributes_under_<wbr>cnNetscapeRoot_cnldbm_<wbr>database_cnplugins_cnconfig_<wbr>and_cnUserRoot_cnldbm_<wbr>database_cnplugins_cnconfig-<wbr>nsslapd_cachememsize.html</a><br>
<br>
</div>
<div>How to tune it: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/8.1/html/<wbr>Administration_Guide/<wbr>memoryusage.html</a><br>
<br>
</div>
<div><br>
</div>
<div>etc etc.<br>
<br>
</div>
<div>I have no idea of what the secret password is for the
"cn=directory manager" and can't find any information about
where I might find it or where or when it might have been set
anywhere. I have found a number of likely candidates, but none
have worked.<br>
<br>
</div>
<div>I found this page:<br>
<br>
<a href="https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password" target="_blank">https://www.freeipa.org/page/<wbr>Howto/Change_Directory_<wbr>Manager_Password</a><br>
<br>
</div>
<div>but I'd prefer to not change the password if possible. <br>
<br>
</div>
<div>cheers<br>
</div>
<div>L.<br>
</div>
<div><br>
<br>
</div>
<div><br clear="all">
<div>
<div class="m_-402975859477004656gmail_signature">
<div dir="ltr">
<div>------<br>
The most dangerous phrase in the language is, "We've
always done it this way."<br>
<br>
- Grace Hopper<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-402975859477004656mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<p><br>
</p>
</div></div></div>
</blockquote></div><br></div>