On 03/30/2015 10:15 AM, Janelle wrote:
For LDAP-only clients, I see an issue with performance on the dirsrv backends, and much of it has to do with 2 things:

1. Anonymous binds (1000's because of 7000+ hosts)
2. unindexed searches <-- perhaps the biggest problem and working on troubleshooting that and figuring out how to fix it.

For that amount of clients we recommend 2-3 replicas.

There is documentation on how to create indexes.

I am not a DS guru but AFAIU they need to be created on each replica.

You need to check what searches are taking long time and then match the attributes that you are looking for with the list of the indexed attributes. The link about will give you the location where the indexes are stored.

Thank you

On 3/29/15 8:38 PM, Dmitri Pal wrote:
On 03/27/2015 08:22 PM, Janelle wrote:

Just wondering if there is an easy way to increase anonymous binds on the back end for non Kerberos clients? I have seen some mention of it, and that IPA has limits, can't can't find a lot of detail?

Thank you

I am not sure I understand what you are asking.
What do you mean by "increase anonymous binds" ?
Increase timeout? Or you want to allow anonymous binds?

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to