[Freeipa-users] anonymous binds limits?
Gokulnath
gokulnathb at gmail.com
Mon Mar 30 17:48:37 UTC 2015
Perform vlv indexing on those attributes and tune the directory for memory.
Gokul
Sent from iPhone
> On Mar 30, 2015, at 11:02 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Dmitri Pal wrote:
>>> On 03/30/2015 10:15 AM, Janelle wrote:
>>> For LDAP-only clients, I see an issue with performance on the dirsrv
>>> backends, and much of it has to do with 2 things:
>>>
>>> 1. Anonymous binds (1000's because of 7000+ hosts)
>>> 2. unindexed searches <-- perhaps the biggest problem and working on
>>> troubleshooting that and figuring out how to fix it.
>>
>> For that amount of clients we recommend 2-3 replicas.
>>
>> There is documentation on how to create indexes.
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Indexes-Creating_Indexes.html#Creating_Indexes-Creating_Indexes_from_the_Command_Line
>>
>>
>> I am not a DS guru but AFAIU they need to be created on each replica.
>
> Correct.
>
>>
>> You need to check what searches are taking long time and then match the
>> attributes that you are looking for with the list of the indexed
>> attributes. The link about will give you the location where the indexes
>> are stored.
>
> logconv.pl will help find unindexed searches.
>
> rob
>
>>
>>>
>>> Thank you
>>> ~J
>>>
>>>> On 3/29/15 8:38 PM, Dmitri Pal wrote:
>>>>> On 03/27/2015 08:22 PM, Janelle wrote:
>>>>> Hello,
>>>>>
>>>>> Just wondering if there is an easy way to increase anonymous binds
>>>>> on the back end for non Kerberos clients?
>>>>> I have seen some mention of it, and that IPA has limits, can't can't
>>>>> find a lot of detail?
>>>>>
>>>>> Thank you
>>>>> ~J
>>>> I am not sure I understand what you are asking.
>>>> What do you mean by "increase anonymous binds" ?
>>>> Increase timeout? Or you want to allow anonymous binds?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list