[Freeipa-users] Adjusting nsslapd-cachememsize
Rich Megginson
rmeggins at redhat.com
Mon Mar 20 22:34:18 UTC 2017
On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
> Directly editing the lse.ldif didn't work. ipactl start hangs on
> pki-tomcatd. I think I've broken it. I seem to recall ldap not liking
> being edited by hand.
You have to make sure dirsrv is not running before you edit dse.ldif.
Not sure if ipactl stop will wait until all services are not running.
>
> cheers
> L.
>
> ------
> The most dangerous phrase in the language is, "We've always done it
> this way."
>
> - Grace Hopper
>
> On 17 March 2017 at 19:45, Bob Hinton <bob at rha-ltd.co.uk
> <mailto:bob at rha-ltd.co.uk>> wrote:
>
> Hi Lachlan,
>
> This is probably a complete hack, but the way I've changed
> nsslapd-cachememsize in the past is -
>
> On each ipa replica in turn -
>
> 1. ipactl stop
> 2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif - (where DOMAIN is
> your server's domain/realm - not sure which) find and change
> the value of nsslapd-cachememsize
> 3. ipactl start
>
> This seemed to work in that it made the error messages go away and
> it made heavily loaded servers more stable. However, I've not
> tried this on a recent version of ipa so it may no longer work or
> not be needed any more.
>
> Regards
>
> Bob
>
>
> On 17/03/2017 02:20, Lachlan Musicman wrote:
>> While going through the logs on the FreeIPA server, I noticed this:
>>
>>
>> WARNING: changelog: entry cache size 2097152 B is less than db
>> size 12804096 B; We recommend to increase the entry cache size
>> nsslapd-cachememsize.
>>
>>
>> I have found a number of documents:
>>
>> What it is:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html
>> <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html>
>>
>> How to tune it:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html
>> <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html>
>>
>>
>> etc etc.
>>
>> I have no idea of what the secret password is for the
>> "cn=directory manager" and can't find any information about where
>> I might find it or where or when it might have been set anywhere.
>> I have found a number of likely candidates, but none have worked.
>>
>> I found this page:
>>
>> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>> <https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password>
>>
>> but I'd prefer to not change the password if possible.
>>
>> cheers
>> L.
>>
>>
>>
>> ------
>> The most dangerous phrase in the language is, "We've always done
>> it this way."
>>
>> - Grace Hopper
>>
>>
>
>
>
>
More information about the Freeipa-users
mailing list