On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
Directly editing the lse.ldif didn't work. ipactl start hangs on pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being edited by hand.

You have to make sure dirsrv is not running before you edit dse.ldif. Not sure if ipactl stop will wait until all services are not running.


cheers
L.

------
The most dangerous phrase in the language is, "We've always done it this way."

- Grace Hopper

On 17 March 2017 at 19:45, Bob Hinton <b...@rha-ltd.co.uk <mailto:b...@rha-ltd.co.uk>> wrote:

    Hi Lachlan,

    This is probably a complete hack, but the way I've changed
    nsslapd-cachememsize in the past is -

    On each ipa replica in turn -

     1. ipactl stop
     2. vim /etc/dirsrv/slapd-DOMAIN/dse.ldif    - (where DOMAIN is
        your server's domain/realm - not sure which) find and change
        the value of nsslapd-cachememsize
     3. ipactl start

    This seemed to work in that it made the error messages go away and
    it made heavily loaded servers more stable. However, I've not
    tried this on a recent version of ipa so it may no longer work or
    not be needed any more.

    Regards

    Bob


    On 17/03/2017 02:20, Lachlan Musicman wrote:
    While going through the logs on the FreeIPA server, I noticed this:


    WARNING: changelog: entry cache size 2097152 B is less than db
    size 12804096 B; We recommend to increase the entry cache size
    nsslapd-cachememsize.


    I have found a number of documents:

    What it is:
    
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html
    
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Database_Attributes_under_cnNetscapeRoot_cnldbm_database_cnplugins_cnconfig_and_cnUserRoot_cnldbm_database_cnplugins_cnconfig-nsslapd_cachememsize.html>

    How to tune it:
    
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html
    
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/memoryusage.html>


    etc etc.

    I have no idea of what the secret password is for the
    "cn=directory manager" and can't find any information about where
    I might find it or where or when it might have been set anywhere.
    I have found a number of likely candidates, but none have worked.

    I found this page:

    https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
    <https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password>

    but I'd prefer to not change the password if possible.

    cheers
    L.



    ------
    The most dangerous phrase in the language is, "We've always done
    it this way."

    - Grace Hopper







--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to