[Freeipa-users] Adjusting nsslapd-cachememsize
Lachlan Musicman
datakid at gmail.com
Mon Mar 20 21:14:57 UTC 2017
Directly editing the lse.ldif didn't work. ipactl start hangs on
pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being
edited by hand.
cheers
L.
------
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
On 17 March 2017 at 19:45, Bob Hinton <bob at rha-ltd.co.uk> wrote:
> Hi Lachlan,
>
> This is probably a complete hack, but the way I've changed
> nsslapd-cachememsize in the past is -
>
> On each ipa replica in turn -
>
> 1. ipactl stop
> 2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif - (where DOMAIN is your
> server's domain/realm - not sure which) find and change the value of
> nsslapd-cachememsize
> 3. ipactl start
>
> This seemed to work in that it made the error messages go away and it made
> heavily loaded servers more stable. However, I've not tried this on a
> recent version of ipa so it may no longer work or not be needed any more.
>
> Regards
>
> Bob
>
> On 17/03/2017 02:20, Lachlan Musicman wrote:
>
> While going through the logs on the FreeIPA server, I noticed this:
>
>
> WARNING: changelog: entry cache size 2097152 B is less than db size
> 12804096 B; We recommend to increase the entry cache size
> nsslapd-cachememsize.
>
>
> I have found a number of documents:
>
> What it is: https://access.redhat.com/documentation/en-US/Red_Hat_
> Directory_Server/8.0/html/Configuration_and_Command_
> Reference/Configuration_Command_File_Reference-Database_Attributes_under_
> cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_
> database_cnplugins_cnconfig-nsslapd_cachememsize.html
>
> How to tune it: https://access.redhat.com/documentation/en-US/Red_Hat_
> Directory_Server/8.1/html/Administration_Guide/memoryusage.html
>
>
> etc etc.
>
> I have no idea of what the secret password is for the "cn=directory
> manager" and can't find any information about where I might find it or
> where or when it might have been set anywhere. I have found a number of
> likely candidates, but none have worked.
>
> I found this page:
>
> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
> but I'd prefer to not change the password if possible.
>
> cheers
> L.
>
>
>
> ------
> The most dangerous phrase in the language is, "We've always done it this
> way."
>
> - Grace Hopper
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170321/3b9e4fbf/attachment.htm>
More information about the Freeipa-users
mailing list