On 03/30/2015 10:15 AM, Janelle wrote:
For LDAP-only clients, I see an issue with performance on the dirsrv
backends, and much of it has to do with 2 things:
1. Anonymous binds (1000's because of 7000+ hosts)
2. unindexed searches <-- perhaps the biggest problem and working on
troubleshooting that and figuring out how to fix it.
For that amount of clients we recommend 2-3 replicas.
There is documentation on how to create indexes.
I am not a DS guru but AFAIU they need to be created on each replica.
You need to check what searches are taking long time and then match the
attributes that you are looking for with the list of the indexed
attributes. The link about will give you the location where the indexes
On 3/29/15 8:38 PM, Dmitri Pal wrote:
On 03/27/2015 08:22 PM, Janelle wrote:
Just wondering if there is an easy way to increase anonymous binds
on the back end for non Kerberos clients?
I have seen some mention of it, and that IPA has limits, can't can't
find a lot of detail?
I am not sure I understand what you are asking.
What do you mean by "increase anonymous binds" ?
Increase timeout? Or you want to allow anonymous binds?
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project