[Pki-users] partition dogtag data in the ldap server?

Dave Sirrine dsirrine at redhat.com
Wed Jul 22 18:35:08 UTC 2015


Alexander, 

Can you define "hard to handle"? What version of Dogtag are you using? Are you running into performance degradation? Unfortunately, it likely won't be too easy to segregate this data. In dogtag 10.2 there should be a scheduled job that regularly runs through and removes all expired certs: 

jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob 
jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6 

Thanks in advance. 

-- Dave 

----- Original Message -----

> From: "Alexander Jung" <alexander.w.jung at gmail.com>
> To: "pki-users at redhat.com" <Pki-users at redhat.com>
> Sent: Thursday, July 9, 2015 7:44:17 AM
> Subject: [Pki-users] partition dogtag data in the ldap server?

> Hi,

> we have a rather large dogtag install here and the ldap-info is getting hard
> to handle (right now in the ~75Gb range).

> Are there any recommended ways to partition the data? I am thinking of
> migrating all expired and revoked certificates to a chained ldap-instance
> and keep only the "valid" certificates data in direct access to the CA
> instances.

> The migration from the "valid" partition to the "expired" partition will have
> to be done outside of dogtag and the 389ds-ldaps, probably by a script at
> night (it probably could be integrated into the expire runs the dogtag does,
> although)

> Has a thing like this been done yet? What were the experiences? What should I
> look out for?

> Kind regards,

> Alexander Jung
