> On 28 Jul 2020, at 08:11, Winstanley, Anthony <wins...@cs.ubc.ca> wrote: > > Hello, > > We’ve got a large 389ds installation and have run into issues with ACIs not > always behaving as expected. Where an ACI working on one node is not doing > anything at all on a replicated node. Sometimes reducing the number of ACIs > fixes the issue. Sometimes restarting a node fixes it. I have not found > anything in an error log that has given me any pointers as to what the > problem(s) might be. > > So my questions: > Are there config attributes that control the working of ACIs? What are they > and how should they be used? > Are there any limitations for the number and size of ACIs per 389ds instance > or database?
No there are no limits I am aware of. > Is there any best practices for troubleshooting ACI issues (like where some > work on one server but not another)? Am I missing a log file somewhere? > Is there any documentation to consult specific to ACI operation? (Beyond > syntax…) Source code even? To really answer this and help you we need to know: * What distro you are running * What version of 389-ds (`rpm -qa | grep -i 389` for example) * How many ACI's you have in your database (ldapsearch -H ldaps://... -x -b 'your dn' -D 'cn=Directory Manager' -w (aci=*) aci ). Please confirm this on all servers in the replication topology. * An example of the ACI that is failing on one server but works on the other, and sample entries about what they are trying to access or achieve Thanks, > > Thanks, > Anthony Winstanley > The University of British Columbia > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
