[Freeipa-users] IPA Query Tuning and a Recovery Question
Charlie Derwent
shelltoesuperstar at gmail.com
Mon Sep 9 17:40:43 UTC 2013
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 09/09/2013 10:20 AM, Charlie Derwent wrote:
>
> Hi,
>
> 2 questions, some of our automation accounts are needlessly querying the
> IPA server every time they call a command via sudo. This is generating a
> lot of noise in our access logs. Is there any way to ensure certain system
> accounts don't call out to the IPA server for additional groups or sudo
> permission when completing tasks?
>
>
> What are your client platforms? Does sssd or newer versions of sudo cache?
>
> The clients are a mix of RHEL and CentOS 5.8 servers, what version am I
looking for any kind of caching?
>
>
> The other question is slightly more embarrassing, one of our guys saw /var
> filling and noticed that /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load
> of "log" files which looked like they weren't being tidied.
>
>
> They are automatically cleaned up. If you have a lot of updates, it may
> take longer.
>
>
> One stupid decision later and I'm now here asking on his behalf if there
> is anyway of restoring the database from a replica or is a complete rebuild
> required?
>
>
> Just reinit the replica using ipa-replica-manage.
>
> Thanks will give it a go tomorrow.
>
> Second question is obviously a little bit more urgent than the first but
> any advice is greatly appreciated.
>
> Thanks,
> Charlie
>
>
>
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130909/5389500b/attachment.htm>
More information about the Freeipa-users
mailing list