Directly editing the lse.ldif didn't work. ipactl start hangs on pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being edited by hand.
cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 17 March 2017 at 19:45, Bob Hinton <b...@rha-ltd.co.uk> wrote: > Hi Lachlan, > > This is probably a complete hack, but the way I've changed > nsslapd-cachememsize in the past is - > > On each ipa replica in turn - > > 1. ipactl stop > 2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif - (where DOMAIN is your > server's domain/realm - not sure which) find and change the value of > nsslapd-cachememsize > 3. ipactl start > > This seemed to work in that it made the error messages go away and it made > heavily loaded servers more stable. However, I've not tried this on a > recent version of ipa so it may no longer work or not be needed any more. > > Regards > > Bob > > On 17/03/2017 02:20, Lachlan Musicman wrote: > > While going through the logs on the FreeIPA server, I noticed this: > > > WARNING: changelog: entry cache size 2097152 B is less than db size > 12804096 B; We recommend to increase the entry cache size > nsslapd-cachememsize. > > > I have found a number of documents: > > What it is: https://access.redhat.com/documentation/en-US/Red_Hat_ > Directory_Server/8.0/html/Configuration_and_Command_ > Reference/Configuration_Command_File_Reference-Database_Attributes_under_ > cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_ > database_cnplugins_cnconfig-nsslapd_cachememsize.html > > How to tune it: https://access.redhat.com/documentation/en-US/Red_Hat_ > Directory_Server/8.1/html/Administration_Guide/memoryusage.html > > > etc etc. > > I have no idea of what the secret password is for the "cn=directory > manager" and can't find any information about where I might find it or > where or when it might have been set anywhere. I have found a number of > likely candidates, but none have worked. > > I found this page: > > https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password > > but I'd prefer to not change the password if possible. > > cheers > L. > > > > ------ > The most dangerous phrase in the language is, "We've always done it this > way." > > - Grace Hopper > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project