[Freeipa-users] Purge old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 file

David Goudet david.goudet at lyra-network.com
Tue Dec 22 10:43:24 UTC 2015 

Hi,

I have multimaster replication environment. On each replica, folder /var/lib/dirsrv/slapd-xxxx/cldb/ has big size (3~GB) and old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 have three month year old:

sudo dbscan -f /var/lib/dirsrv/slapd-xxxx/cldb/ef155b03-dda611e2-a156db20-90xxx06_51c9aed900xxxxxx000.db4 | less
dbid: 56239e5e000000040000
        replgen: 1445174777 Sun Oct 18 15:26:17 2015
        csn: 56239e5e000000040000
        uniqueid: e55d5e01-26f211e4-9b60db20-90c3b706
        dn: xxxx
        operation: modify
                krbLastSuccessfulAuth: 20151018132617Z
                modifiersname: cn=Directory Manager
                modifytimestamp: 20151018132617Z
                entryusn: 68030946

My questions are:

a) How to purge old entries in file /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4? (what is the procedure)
b) What is the right configuration to limit increase of this file?



This topic has been already talk on https://www.redhat.com/archives/freeipa-users/2013-February/msg00433.html or https://www.redhat.com/archives/freeipa-users/2015-April/msg00573.html but no response work for me.
Response here seems to be not applicable https://bugzilla.redhat.com/show_bug.cgi?id=1181341 (Centos 7, Fixed In Version: 389-ds-base-1.3.4.0-1.el7)

I used some attributes from the docuementation: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnchangelog5-nsslapd_changelogdir. Old entries are not purged and file increase even after restart service (service dirvsrv start and service dirvsrv stop).

(This test environment values)
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleobject
cn: changelog5
...
nsslapd-changelogmaxentries: 100
nsslapd-changelogmaxage: 4m

dn: cn=replica,cn=xxxxx,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=xxxxx
nsds5ReplicaLegacyConsumer: off
nsDS5ReplicaId: 6
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/xxxxxx
 .LYRA,cn=services,cn=accounts,dc=xxxxx
nsState:: xxxxx
nsDS5ReplicaName: d9663d08-a80f11e5-aa48d241-0b88f012
nsds5ReplicaTombstonePurgeInterval: 200
nsds5ReplicaPurgeDelay: 200
nsds5ReplicaChangeCount: 3091
nsds5replicareapactive: 0

Hereafter some informations about my environment: 
CentOS release 6.5 (Final)
389-ds-base-libs-1.2.11.15-65.el6_7.x86_64
389-ds-base-1.2.11.15-65.el6_7.x86_64
ipa-client-3.0.0-47.el6.centos.1.x86_64
ipa-server-3.0.0-47.el6.centos.1.x86_64

Thanks for your help!

David

More information about the Freeipa-users mailing list