[Freeipa-users] anonymous binds limits?

Dmitri Pal dpal at redhat.com
Mon Mar 30 15:50:31 UTC 2015


On 03/30/2015 10:15 AM, Janelle wrote:
> For LDAP-only clients, I see an issue with performance on the dirsrv 
> backends, and much of it has to do with 2 things:
>
> 1. Anonymous binds (1000's because of 7000+ hosts)
> 2. unindexed searches <-- perhaps the biggest problem and working on 
> troubleshooting that and figuring out how to fix it.

For that amount of clients we recommend 2-3 replicas.

There is documentation on how to create indexes.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Indexes-Creating_Indexes.html#Creating_Indexes-Creating_Indexes_from_the_Command_Line

I am not a DS guru but AFAIU they need to be created on each replica.

You need to check what searches are taking a long time and then match the 
attributes that you are looking for with the list of the indexed 
attributes. The link above will give you the location where the indexes 
are stored.

>
> Thank you
> ~J
>
> On 3/29/15 8:38 PM, Dmitri Pal wrote:
>> On 03/27/2015 08:22 PM, Janelle wrote:
>>> Hello,
>>>
>>> Just wondering if there is an easy way to increase anonymous binds 
>>> on the back end for non Kerberos clients?
>>> I have seen some mention of it, and that IPA has limits, can't 
>>> find a lot of detail?
>>>
>>> Thank you
>>> ~J
>>>
>> I am not sure I understand what you are asking.
>> What do you mean by "increase anonymous binds" ?
>> Increase timeout? Or you want to allow anonymous binds?
>>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
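
The check described in the reply above (find the slow searches, then compare their filter attributes with the indexed ones), as an added example that is not part of the original post. It assumes the 389 Directory Server access-log layout, in which a RESULT line carrying notes=U marks an unindexed search; the sample log lines and the indexed-attribute set are constructed, and `unindexed_attrs` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines in 389 Directory Server access-log layout (not from the thread).
SAMPLE_LOG = """\
[30/Mar/2015:10:15:01 +0000] conn=12 op=1 BIND dn="" method=128 version=3
[30/Mar/2015:10:15:01 +0000] conn=12 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Mar/2015:10:15:01 +0000] conn=12 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(gecos=jdoe*))" attrs="uid"
[30/Mar/2015:10:15:04 +0000] conn=12 op=2 RESULT err=0 tag=101 nentries=1 etime=3 notes=U
[30/Mar/2015:10:15:05 +0000] conn=13 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="uid"
[30/Mar/2015:10:15:05 +0000] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*?filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT .*?etime=([\d.]+)(?:.*?notes=(\S+))?')
# Attribute name at the start of each filter component, e.g. "(gecos=" -> gecos
FILTER_ATTR = re.compile(r'\(([A-Za-z][\w;.-]*)\s*(?:=|~=|>=|<=)')


def unindexed_attrs(log_text, indexed):
    """Pair each SRCH with its RESULT by (conn, op). For results flagged notes=U,
    count the filter attributes missing from `indexed` (lower-case names) and
    collect (etime, filter) pairs, slowest first."""
    filters = {}          # (conn, op) -> filter string of a pending search
    missing = Counter()
    slow = []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            filters[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT.search(line)
        if not m:
            continue
        flt = filters.pop((m.group(1), m.group(2)), None)
        if flt is None or "U" not in (m.group(4) or ""):
            continue      # not a search result, or the search was indexed
        slow.append((float(m.group(3)), flt))
        for attr in FILTER_ATTR.findall(flt):
            if attr.lower() not in indexed:
                missing[attr.lower()] += 1
    return missing, sorted(slow, reverse=True)


if __name__ == "__main__":
    # Assumption: in practice this set comes from the server's index configuration.
    missing, slow = unindexed_attrs(SAMPLE_LOG, {"objectclass", "uid", "cn"})
    print("attributes lacking an index:", dict(missing))
    print("slowest unindexed searches:", slow)
```

An attribute can appear in the index list and still produce notes=U if the index type does not match the filter, for example a substring filter against an attribute that only has an equality index.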
