[Freeipa-users] IPA Query Tuning and a Recovery Question
Charlie Derwent
shelltoesuperstar at gmail.com
Fri Sep 13 02:04:32 UTC 2013
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 09/09/2013 10:20 AM, Charlie Derwent wrote:
>
> Hi,
>
> 2 questions, some of our automation accounts are needlessly querying the
> IPA server every time they call a command via sudo. This is generating a
> lot of noise in our access logs. Is there any way to ensure certain system
> accounts don't call out to the IPA server for additional groups or sudo
> permission when completing tasks?
>
>
> What are your client platforms? Does sssd or newer versions of sudo cache?
>
>
>
> The other question is slightly more embarrassing, one of our guys saw /var
> filling and noticed that /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load
> of "log" files which looked like they weren't being tidied.
>
>
> They are automatically cleaned up. If you have a lot of updates, it may
> take longer.
>
>
> One stupid decision later and I'm now here asking on his behalf if there
> is anyway of restoring the database from a replica or is a complete rebuild
> required?
>
>
> Just reinit the replica using ipa-replica-manage.
>
>
I just tried to reinit the replica but I'm getting an error about failure
to connect to LDAP server I'm guessing that's because it's impossible for
me to kinit on the server now given the state of the DB.
>
>
>
Second question is obviously a little bit more urgent than the first but
> any advice is greatly appreciated.
>
> Thanks,
> Charlie
>
>
>
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130913/0b5bea4d/attachment.htm>
More information about the Freeipa-users
mailing list