[Freeipa-users] IPA Query Tuning and a Recovery Question

Rich Megginson rmeggins at redhat.com
Fri Sep 13 13:49:16 UTC 2013 

On 09/12/2013 08:04 PM, Charlie Derwent wrote:
>
>
> On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     On 09/09/2013 10:20 AM, Charlie Derwent wrote:
>>     Hi,
>>     2 questions, some of our automation accounts are needlessly
>>     querying the IPA server every time they call a command via sudo.
>>     This is generating a lot of noise in our access logs. Is there
>>     any way to ensure certain system accounts don't call out to the
>>     IPA server for additional groups or sudo permission when
>>     completing tasks?
>
>     What are your client platforms?  Does sssd or newer versions of
>     sudo cache?
>
>
>>     The other question is slightly more embarrassing, one of our guys
>>     saw /var filling and noticed that
>>     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load of "log" files
>>     which looked like they weren't being tidied.
>
>     They are automatically cleaned up.  If you have a lot of updates,
>     it may take longer.
>
>
>>     One stupid decision later and I'm now here asking on his behalf
>>     if there is anyway of restoring the database from a replica or is
>>     a complete rebuild required?
>
>     Just reinit the replica using ipa-replica-manage.
>
> I just tried to reinit the replica but I'm getting an error about 
> failure to connect to LDAP server I'm guessing that's because it's 
> impossible for me to kinit on the server now given the state of the DB.

It depends.  What error?  Can you provide the exact error message and/or 
excerpts from /var/log/dirsrv/slapd-DOMAIN-COM/errors?

>>     Second question is obviously a little bit more urgent than the
>>     first but any advice is greatly appreciated.
>>     Thanks,
>>     Charlie
>>
>>
>>     _______________________________________________
>>     Freeipa-users mailing list
>>     Freeipa-users at redhat.com  <mailto:Freeipa-users at redhat.com>
>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130913/62c09318/attachment.htm>

More information about the Freeipa-users mailing list