[Pki-users] partition dogtag data in the ldap server?

Alexander Jung alexander.w.jung at gmail.com
Fri Jul 24 07:13:30 UTC 2015


2015-07-22 20:35 GMT+02:00 Dave Sirrine <dsirrine at redhat.com>:

> Alexander,
>
> Can you define "hard to handle"?
>
Hard to handle is a stock of over 4 million certificates, of which about
10% are valid ones. The LDAP database, with the indexes, is in the 100Gb
range, LDIF backups take more than three hours and might fail if too many
changes occur during the night time we run them.



> What version of Dogtag are you using?
>
10.1. something (= the version that came out in February this year, but the
history in that ldap is migrated since around 2007)



> Are you running into performance degradation?
>
Yes, we had a performance degradation, but that was a lookup error in the
code (I really have to get around to sending our fixes here back to you)

> Unfortunately, it likely won't be too easy to segregate this data. In
> dogtag 10.2 there should be a scheduled job that regularly runs through and
> removes all expired certs:
>
>
> jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
> jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
>
Thanks for the pointer, I'll try to attach to this one.

Kind regards,

Alexander Jung