[Freeipa-users] anonymous binds limits?

Rob Crittenden rcritten at redhat.com
Mon Mar 30 16:02:48 UTC 2015


Dmitri Pal wrote:
> On 03/30/2015 10:15 AM, Janelle wrote:
>> For LDAP-only clients, I see an issue with performance on the dirsrv
>> backends, and much of it has to do with 2 things:
>>
>> 1. Anonymous binds (1000's because of 7000+ hosts)
>> 2. unindexed searches <-- perhaps the biggest problem and working on
>> troubleshooting that and figuring out how to fix it.
> 
> For that amount of clients we recommend 2-3 replicas.
> 
> There is documentation on how to create indexes.
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Indexes-Creating_Indexes.html#Creating_Indexes-Creating_Indexes_from_the_Command_Line
> 
> 
> I am not a DS guru but AFAIU they need to be created on each replica.

Correct.

> 
> You need to check what searches are taking a long time and then match the
> attributes that you are looking for with the list of the indexed
> attributes. The link above will give you the location where the indexes
> are stored.

logconv.pl will help find unindexed searches.

rob

> 
>>
>> Thank you
>> ~J
>>
>> On 3/29/15 8:38 PM, Dmitri Pal wrote:
>>> On 03/27/2015 08:22 PM, Janelle wrote:
>>>> Hello,
>>>>
>>>> Just wondering if there is an easy way to increase anonymous binds
>>>> on the back end for non Kerberos clients?
>>>> I have seen some mention of it, and that IPA has limits, but can't
>>>> find a lot of detail?
>>>>
>>>> Thank you
>>>> ~J
>>>>
>>> I am not sure I understand what you are asking.
>>> What do you mean by "increase anonymous binds" ?
>>> Increase timeout? Or you want to allow anonymous binds?
>>>
>>
> 
> 
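An added example, not part of the original thread and not logconv.pl itself: a small Python pass over a 389 Directory Server access log that counts explicit anonymous binds (BIND with an empty dn) and collects the attributes used in filters of searches whose RESULT line carries notes=U or notes=A, so they can be compared against the list of indexed attributes. The log lines, hostnames and filters are constructed sample data; connections that search without ever sending a BIND are also anonymous and are not counted here.

```python
import re
from collections import Counter

# Constructed sample in 389 Directory Server access-log format (not from the thread).
SAMPLE_LOG = '''\
[30/Mar/2015:10:00:01 -0700] conn=101 fd=64 slot=64 connection from 10.0.0.5 to 10.0.0.1
[30/Mar/2015:10:00:01 -0700] conn=101 op=0 BIND dn="" method=128 version=3
[30/Mar/2015:10:00:01 -0700] conn=101 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Mar/2015:10:00:01 -0700] conn=101 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(memberNisNetgroup=web)" attrs=ALL
[30/Mar/2015:10:00:03 -0700] conn=101 op=1 RESULT err=0 tag=101 nentries=1 etime=2 notes=U
[30/Mar/2015:10:00:04 -0700] conn=102 op=0 BIND dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[30/Mar/2015:10:00:04 -0700] conn=102 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=janelle)" attrs="uid cn"
[30/Mar/2015:10:00:04 -0700] conn=102 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[30/Mar/2015:10:00:05 -0700] conn=103 op=0 BIND dn="" method=128 version=3
[30/Mar/2015:10:00:05 -0700] conn=103 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(gecos=*smith*))" attrs=ALL
[30/Mar/2015:10:00:09 -0700] conn=103 op=1 RESULT err=0 tag=101 nentries=3 etime=4 notes=U,P
'''

OP_LINE = re.compile(r'conn=(\d+) op=(-?\d+) (\w+)(.*)')
FILTER = re.compile(r'filter="(.*?)"(?: attrs=|$)')
NOTES = re.compile(r'notes=([A-Z,]+)')
# Attribute name at the start of each filter component, e.g. "(gecos=".
FILTER_ATTR = re.compile(r'\(([A-Za-z][\w;.-]*)(?:=|~=|>=|<=)')

def summarize(log_text):
    """Return the anonymous BIND count and the attributes seen in unindexed searches."""
    pending = {}                 # (conn, op) -> filter of a SRCH awaiting its RESULT
    anonymous_binds = 0
    unindexed_attrs = Counter()  # candidates only: the log does not say which one lacks an index
    for line in log_text.splitlines():
        m = OP_LINE.search(line)
        if not m:
            continue             # connection open/close lines carry no op=
        conn, op, verb, rest = m.groups()
        if verb == "BIND" and ' dn=""' in rest:
            anonymous_binds += 1
        elif verb == "SRCH":
            f = FILTER.search(rest)
            pending[(conn, op)] = f.group(1) if f else ""
        elif verb == "RESULT":
            filt = pending.pop((conn, op), None)
            notes = NOTES.search(rest)
            flags = set(notes.group(1).split(",")) if notes else set()
            # notes=U / notes=A mark a search that could not be served from indexes.
            if filt is not None and flags & {"U", "A"}:
                unindexed_attrs.update(FILTER_ATTR.findall(filt))
    return {"anonymous_binds": anonymous_binds, "unindexed_attrs": unindexed_attrs}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

As noted in the thread, indexes are per replica, so the same pass has to be run against each replica's access log.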



