[Freeipa-users] How do I modify the entry cache size?

Chris Mohler cmohler at oberlin.edu
Mon Feb 9 15:26:22 UTC 2015 

On 02/09/2015 09:48 AM, Rich Megginson wrote:
> On 02/08/2015 08:23 PM, Chris Mohler wrote:
>> Thanks for the reply and the link Rich!
>>
>> dbmon.sh is a handy tool indeed.
>>
>> I read the instructions and upped my entry cache size to 2gb because 
>> I have enough ram.
>> Everything went well until
>> |service dirsrv restart
>>
>> |
>> |I Got the following errors:
>> [06/Feb/2015:10:07:35 -0500] - slapd stopped.
>> [06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
>> [06/Feb/2015:10:07:37 -0500] attr_syntax_create - Error: the SUBSTR matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
>> [06/Feb/2015:10:07:37 -0500] - 389-Directory/1.2.11.15  <http://1.2.11.15>  B2014.314.1342 starting up
>> [06/Feb/2015:10:07:37 -0500] - slapd started.  Listening on All Interfaces port 7389 for LDAP requests
>> [06/Feb/2015:10:07:37 -0500] - Listening on All Interfaces port 7390 for LDAPS requests
>>
>> |
>> |Oddly enough everything appears to be working. Are these messages safe to ignore?
>> |
>
> This is definitely not related to the cache size.
>
> |Not sure what the problem is - looks like something has done an 
> override of the standard schema definition of dc. 
> http://tools.ietf.org/html/rfc4519 defines it with syntax 
> 1.3.6.1.4.1.1466.115.121.1.26.
>
> rpm -q 389-ds-base
>
> find /etc/dirsrv -name \*.ldif -exec grep 0.9.2342.19200300.100.1.25 
> {} /dev/null \;
>
>
> |
>> |Another run of dbmon.sh shows that my entry cache was increased.
>>
>> |||
>> |Thanks,
>> |
>> |-Chris
>> |
>> |
>> |
>>
>>
>> On Sun, Feb 8, 2015 at 5:58 PM, Rich Megginson <rmeggins at redhat.com 
>> <mailto:rmeggins at redhat.com>> wrote:
>>
>>     On 02/07/2015 11:25 AM, Chris Mohler wrote:
>>>     Hi Everyone. I'm trying to troubleshoot some issues I'm having. I want to increase the entry cache size
>>>     I'm trying to follow the directions here
>>>     /usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w secret -p 389
>>>
>>>     dn: cn=/|database_name|/, cn=ldbm database, cn=plugins, cn=config
>>>     changetype: modify
>>>     replace: nsslapd-cachememsize
>>>     nsslapd-cachememsize: 20971520
>>>
>>>     Is this the correct way to do this? How do I find out what the "
>>>     cn=/|database_name" is supposed to be?
>>>     |/
>>
>>     |/see /|https://github.com/richm/scripts/wiki/dbmon.sh - the
>>     script will tell you what the names of your databases are.
>>>     /|
>>>     |/
>>>     /|Thanks,
>>>     |/
>>>     /|-Chris
>>>     |/
>>>
>>>
>>
>>
>>     --
>>     Manage your subscription for the Freeipa-users mailing list:
>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>>     Go To http://freeipa.org for more info on the project
>>
>>
>
>
>
Thanks again Rich,
I have been having an abundance of issues with my FreeIPA server lately. 
I'm not surprised that error is not related. I was not sure as It has 
not surfaced in my logs before I changed the entry cache size. Possibly 
this will be the clue to get me on the road to recovery.
> |Not sure what the problem is - looks like something has done an 
> override of the standard schema definition of dc. 
> http://tools.ietf.org/html/rfc4519 defines it with syntax 
> 1.3.6.1.4.1.1466.115.121.1.26.|
I migrated from OpenLdap about a year ago. So my install is a migration. 
I also recently tried to add a replica. Which prompted me to update the 
schema on the master before it would replicate.

> |rpm -q 389-ds-base|
|389-ds-base-1.2.11.15-48.el6_6.x86_64

|
> |find /etc/dirsrv -name \*.ldif -exec grep 0.9.2342.19200300.100.1.25 
> {} /dev/null \;|
|
|/etc/dirsrv/slapd-PKI-IPA/schema.bak/00core.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-PKI-IPA/schema/00core.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-PKI-IPA/schema/05rfc2247.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 
'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR 
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
SINGLE-VALUE X-ORIGIN 'RFC 2247' )
/etc/dirsrv/schema/00core.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-CS-OBERLIN-EDU/schema.bak/00core.ldif:attributeTypes: 
( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-CS-OBERLIN-EDU/schema/00core.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )

Thanks again,
-Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150209/9f78c2ab/attachment.htm>

More information about the Freeipa-users mailing list