On 09/12/2013 08:04 PM, Charlie Derwent wrote:

On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:

    On 09/09/2013 10:20 AM, Charlie Derwent wrote:
    2 questions, some of our automation accounts are needlessly
    querying the IPA server every time they call a command via sudo.
    This is generating a lot of noise in our access logs. Is there
    any way to ensure certain system accounts don't call out to the
    IPA server for additional groups or sudo permission when
    completing tasks?

    What are your client platforms?  Does sssd or newer versions of
    sudo cache?

    The other question is slightly more embarrassing, one of our guys
    saw /var filling and noticed that
    /var/lib/dirsrv/slapd-EXAMPLE-COM/db/ had a load of "log" files
    which looked like they weren't being tidied.

    They are automatically cleaned up.  If you have a lot of updates,
    it may take longer.

    One stupid decision later and I'm now here asking on his behalf
    if there is anyway of restoring the database from a replica or is
    a complete rebuild required?

    Just reinit the replica using ipa-replica-manage.

I just tried to reinit the replica but I'm getting an error about failure to connect to LDAP server I'm guessing that's because it's impossible for me to kinit on the server now given the state of the DB.

It depends. What error? Can you provide the exact error message and/or excerpts from /var/log/dirsrv/slapd-DOMAIN-COM/errors?

    Second question is obviously a little bit more urgent than the
    first but any advice is greatly appreciated.

    Freeipa-users mailing list
    Freeipa-users@redhat.com  <mailto:Freeipa-users@redhat.com>

Freeipa-users mailing list

Reply via email to