So are you telling, your ds-389 isn't responding to simple ldapsearch for
instance, even if there is no huge amount of logins to hosts? Just from
refreshing cache on host clients? But if you doesn't have sssd (that do
kernel-caching of privileges), therefore all your clients every time doing
ldapsearch or something like this against ds-389 (but I could be wrong).
Though I think ldap is really fast and could stand for thousands of
requests.
What access and errors logs of DS showing you?

2017-12-11 21:52 GMT+03:00 Aaron Hicks <aaron.hi...@nesi.org.nz>:

> Hi Andrew,
>
> I’m afraid it’s often happening during the initial population if the
> cache. Also these host are all LDAP only and caching with nscd, as they
> only need user and group name resolution. This was done to minimise changes
> to their software image as they’re stateless/diskless hosts.
>
> Get Outlook for iOS <https://aka.ms/o0ukef>
> ------------------------------
> *From:* Andrew Radygin <randr...@gmail.com>
> *Sent:* Monday, December 11, 2017 7:54:45 PM
> *To:* FreeIPA users list
> *Cc:* Aaron Hicks
> *Subject:* Re: [Freeipa-users] FreeIPA connection limits?
>
> Does sssd caching of privileges is working?
> I mean, suppose if there is no reply from IPA-server, it should use local
> cache for existing users.
>
> 2017-12-11 0:08 GMT+03:00 Aaron Hicks via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org>:
>
>> Hello the list,
>>
>>
>>
>> We’ve got a number (hundreds) of hosts inside a private network, these
>> all query the FreeIPA server for user and group information using NAT and a
>> gateway server.
>>
>>
>>
>> However we’re having issues with the LDAP queries timing out or becoming
>> unresponsive.
>>
>>
>>
>> Is there a limit on the number of concurrent connections from a single
>> host (e.g. the NAT gateway)?
>>
>>
>>
>> Is there a way of increasing the number of simultaneous connections to
>> FreeIPA/dirsrv?
>>
>>
>>
>> Regards,
>>
>>
>>
>> Aaron
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>>
>>
>
>
> --
> Best regards, Andrew.
>



-- 
Best regards, Andrew.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to