[Freeipa-users] IPA Query Tuning and a Recovery Question
Rich Megginson
rmeggins at redhat.com
Mon Sep 9 18:26:03 UTC 2013
On 09/09/2013 11:40 AM, Charlie Derwent wrote:
>
> On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 09/09/2013 10:20 AM, Charlie Derwent wrote:
>> Hi,
>> 2 questions, some of our automation accounts are needlessly
>> querying the IPA server every time they call a command via sudo.
>> This is generating a lot of noise in our access logs. Is there
>> any way to ensure certain system accounts don't call out to the
>> IPA server for additional groups or sudo permission when
>> completing tasks?
>
> What are your client platforms? Does sssd or newer versions of
> sudo cache?
>
> The clients are a mix of RHEL and CentOS 5.8 servers, what version am
> I looking for any kind of caching?
By default, on EL5, sudo has to connect/bind/search/close for every
single sudo lookup. I believe there are versions of sssd/sudo that do
some sort of caching. I'm not sure if those are available for EL5.
>
>> The other question is slightly more embarrassing, one of our guys
>> saw /var filling and noticed that
>> /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load of "log" files
>> which looked like they weren't being tidied.
>
> They are automatically cleaned up. If you have a lot of updates,
> it may take longer.
>
>
>> One stupid decision later and I'm now here asking on his behalf
>> if there is anyway of restoring the database from a replica or is
>> a complete rebuild required?
>
> Just reinit the replica using ipa-replica-manage.
>
> Thanks will give it a go tomorrow.
>
>> Second question is obviously a little bit more urgent than the
>> first but any advice is greatly appreciated.
>> Thanks,
>> Charlie
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130909/5abe9a47/attachment.htm>
More information about the Freeipa-users
mailing list