<div dir="ltr"><div><div>Directly editing the lse.ldif didn't work. ipactl start hangs on pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being edited by hand.<br><br></div>cheers<br></div>L.<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>------<br>The most dangerous phrase in the language is, "We've always done it this way."<br><br>- Grace Hopper<br></div></div></div></div>
<br><div class="gmail_quote">On 17 March 2017 at 19:45, Bob Hinton <span dir="ltr"><<a href="mailto:bob@rha-ltd.co.uk" target="_blank">bob@rha-ltd.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div class="m_-402975859477004656moz-cite-prefix">Hi Lachlan,<br>
      <br>
      This is probably a complete hack, but the way I've changed
      nsslapd-cachememsize in the past is -<br>
      <br>
      On each ipa replica in turn -<br>
      <ol>
        <li>ipactl stop</li>
        <li>vim /etc/dirsrv/slapd-DOMAIN/dse.<wbr>ldif    - (where DOMAIN is
          your server's domain/realm - not sure which) find and change
          the value of nsslapd-cachememsize</li>
        <li>ipactl start</li>
      </ol>
      <p>This seemed to work in that it made the error messages go away
        and it made heavily loaded servers more stable. However, I've
        not tried this on a recent version of ipa so it may no longer
        work or not be needed any more.</p>
      <p>Regards</p><span class="HOEnZb"><font color="#888888">
      <p>Bob<br>
      </p></font></span><div><div class="h5">
      <br>
      On 17/03/2017 02:20, Lachlan Musicman wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">While going through the logs on the FreeIPA server,
        I noticed this:<br>
        <br>
        <br>
        WARNING: changelog: entry cache size 2097152 B is less than db
        size 12804096 B; We recommend to increase the entry cache size
        nsslapd-cachememsize.<br>
        <div><br>
          <br>
        </div>
        <div>I have found a number of documents:<br>
          <br>
        </div>
        <div>What it is: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/8.0/html/<wbr>Configuration_and_Command_<wbr>Reference/Configuration_<wbr>Command_File_Reference-<wbr>Database_Attributes_under_<wbr>cnNetscapeRoot_cnldbm_<wbr>database_cnplugins_cnconfig_<wbr>and_cnUserRoot_cnldbm_<wbr>database_cnplugins_cnconfig-<wbr>nsslapd_cachememsize.html</a><br>
          <br>
        </div>
        <div>How to tune it: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/8.1/html/<wbr>Administration_Guide/<wbr>memoryusage.html</a><br>
          <br>
        </div>
        <div><br>
        </div>
        <div>etc etc.<br>
          <br>
        </div>
        <div>I have no idea of what the secret password is for the
          "cn=directory manager" and can't find any information about
          where I might find it or where or when it might have been set
          anywhere. I have found a number of likely candidates, but none
          have worked.<br>
          <br>
        </div>
        <div>I found this page:<br>
          <br>
          <a href="https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password" target="_blank">https://www.freeipa.org/page/<wbr>Howto/Change_Directory_<wbr>Manager_Password</a><br>
          <br>
        </div>
        <div>but I'd prefer to not change the password if possible. <br>
          <br>
        </div>
        <div>cheers<br>
        </div>
        <div>L.<br>
        </div>
        <div><br>
          <br>
        </div>
        <div><br clear="all">
          <div>
            <div class="m_-402975859477004656gmail_signature">
              <div dir="ltr">
                <div>------<br>
                  The most dangerous phrase in the language is, "We've
                  always done it this way."<br>
                  <br>
                  - Grace Hopper<br>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="m_-402975859477004656mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    <p><br>
    </p>
  </div></div></div>

</blockquote></div><br></div>