[Freeipa-users] Re: How to change nsslapd-cachememsize

Tue, 17 Jul 2018 01:56:41 -0700 

On ti, 17 heinä 2018, Kees Bakker via FreeIPA-users wrote:

Hi,

This is about the infamous log message

    WARNING: changelog: entry cache size 2097152B is less than db size 
19701760B; We recommend to increase the entry cache size nsslapd-cachememsize.

I've searched the Internet, including this mailing list, but I haven't found
a sensible FreeIPA solution yet. There was a hint to look at [1], that 
suggested that
I should use ldapmodify. Well OK, but before I do that I want to first see,
using ldapsearch, that I can query the current value. I tried this (with proper
kinit of course):

  ldapsearch -Y GSSAPI -b cn=config

That didn't show anything useful, nothing with nsslapd-cachememsize.
That makes me wonder whether the suggested ldapmodify command is
correct for me.

My question is basically: what is the recommended FreeIPA way to modify
nsslapd-cachememsize?  And will the modification automatically
replicate from the master to the replica?

It needs to be done as cn=Directory Manager. 'admin' has no rights over
cn=config.

One way to do that is to use ldapi and -Y EXTERNAL. Take the LDAP url
from /etc/ipa/default.conf and as root on the master do

 ldapsearch -Y EXTERNAL -H '<ldap_url value from default.conf>' -b cn=config

To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In addition,
you have some substitution variables available too. These aren't needed
for this specific case but it would be useful in other cases.

See
https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
for details and read ipa-ldap-updater manual page.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/YAJD5NRP4JZG4LOTW6PIH74J2BQ5IK7Y/

Reply via email to