[Freeipa-users] Adjusting nsslapd-cachememsize

Rich Megginson rmeggins at redhat.com
Mon Mar 20 22:34:18 UTC 2017 

On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
> Directly editing the lse.ldif didn't work. ipactl start hangs on 
> pki-tomcatd. I think I've broken it. I seem to recall ldap not liking 
> being edited by hand.

You have to make sure dirsrv is not running before you edit dse.ldif.  
Not sure if ipactl stop will wait until all services are not running.

>
> cheers
> L.
>
> ------
> The most dangerous phrase in the language is, "We've always done it 
> this way."
>
> - Grace Hopper
>
> On 17 March 2017 at 19:45, Bob Hinton <bob at rha-ltd.co.uk 
> <mailto:bob at rha-ltd.co.uk>> wrote:
>
>     Hi Lachlan,
>
>     This is probably a complete hack, but the way I've changed
>     nsslapd-cachememsize in the past is -
>
>     On each ipa replica in turn -
>
>      1. ipactl stop
>      2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif    - (where DOMAIN is
>         your server's domain/realm - not sure which) find and change
>         the value of nsslapd-cachememsize
>      3. ipactl start
>
>     This seemed to work in that it made the error messages go away and
>     it made heavily loaded servers more stable. However, I've not
>     tried this on a recent version of ipa so it may no longer work or
>     not be needed any more.
>
>     Regards
>
>     Bob
>
>
>     On 17/03/2017 02:20, Lachlan Musicman wrote:
>>     While going through the logs on the FreeIPA server, I noticed this:
>>
>>
>>     WARNING: changelog: entry cache size 2097152 B is less than db
>>     size 12804096 B; We recommend to increase the entry cache size
>>     nsslapd-cachememsize.
>>
>>
>>     I have found a number of documents:
>>
>>     What it is:
>>     https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html
>>     <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html>
>>
>>     How to tune it:
>>     https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html
>>     <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html>
>>
>>
>>     etc etc.
>>
>>     I have no idea of what the secret password is for the
>>     "cn=directory manager" and can't find any information about where
>>     I might find it or where or when it might have been set anywhere.
>>     I have found a number of likely candidates, but none have worked.
>>
>>     I found this page:
>>
>>     https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>     <https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password>
>>
>>     but I'd prefer to not change the password if possible.
>>
>>     cheers
>>     L.
>>
>>
>>
>>     ------
>>     The most dangerous phrase in the language is, "We've always done
>>     it this way."
>>
>>     - Grace Hopper
>>
>>
>
>
>
>

More information about the Freeipa-users mailing list