[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Alexander Bokovoy via FreeIPA-users

On Tue, 17 Jul 2018, Kees Bakker wrote:
> On 17-07-18 13:15, Alexander Bokovoy wrote:
>> [...]
>> Could you please file a ticket with all these details?
>
> You mean at https://pagure.io/freeipa/issues ?

Yes. Thanks in advance.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/GQTI6KE6PU4CCMGW3PMLHVLDGNCP5XXZ/


[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Alexander Bokovoy via FreeIPA-users

On Tue, 17 Jul 2018, Ludwig Krispenz via FreeIPA-users wrote:
>>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>>> 2018-07-17T09:55:10Z DEBUG  33554432
>>> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
>>
>> Somehow it considered adding instead of replacing.
>>
>> Could you please file a ticket with all these details?
>>
>> Meanwhile you can obviously use ldapmodify directly. I just wonder
>> what's wrong with replace...
>
> not sure about the syntax of ldap updater, but could it be that
> replace:nsslapd-cachememsize:2097152::33554432
>
> is interpreted as replacing by two values and the result is the
> attempt to ADD the new value ? for replace you do not need to provide
> the existing value.

I don't think it works this way for ipa-ldap-updater -- it has different
semantics to ldif modify part. When replace action is parsed, we ensure
there are two values provided.


Then the code in 'replace' does this:
    entry_values = entry.raw.get(attr, [])
    ...
    elif action == 'replace':
        # replace values were store as list
        old, new = update_value

        try:
            entry_values.remove(old)
        except ValueError:
            logger.debug('replace: %s not found, skipping',
                         safe_output(attr, old))
        else:
            entry_values.append(new)
            logger.debug('replace: updated value %s',
                         safe_output(attr, entry_values))
            entry.raw[attr] = entry_values


So it removes old value from the entry_values list and then appends a
new one. After the first step entry_values should be an empty list for
our case.





>>> 2018-07-17T09:55:10Z DEBUG Updated 1
>>> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
>>> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>>>     return_value = self.run()
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>>>     modified = ld.update(self.files) or modified
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>>>     self._run_updates(all_updates)
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>>>     self._update_record(update)
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>>>     self.conn.update_entry(entry)
>>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
>>>     self.conn.modify_s(str(entry.dn), modlist)
>>>   File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
>>>     self.gen.throw(type, value, traceback)
>>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
>>>     raise errors.ObjectclassViolation(info=info)


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XXP4YKYFQ3GZGCDW3RHNCEXPNLJCGZZE/
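
The modification list from the debug log, replayed against a small in-memory model (an added example, not part of the thread and not FreeIPA or 389 Directory Server code). It assumes the single-value rule is checked after each modification, which is consistent with the logged error; `apply_modlist`, `try_modlist` and `replace_ldif` are hypothetical names, and the last one renders the LDIF for the ldapmodify fallback mentioned in the thread.

```python
# Added illustration; not FreeIPA or 389 Directory Server code.
# LDAP modify operation codes (the values python-ldap uses for MOD_*).
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

DN = "cn=changelog,cn=ldbm database,cn=plugins,cn=config"
ATTR = "nsslapd-cachememsize"
OLD, NEW = "2097152", "33554432"
SINGLE_VALUED = {ATTR}  # per the error text in the log


class SingleValueViolation(Exception):
    """Hypothetical stand-in for the server-side rejection."""


def apply_modlist(entry, modlist):
    """Apply modifications in list order to a copy of `entry`.

    Assumption: the single-value rule is checked after every step,
    which is what the 'cannot add a value' error is consistent with.
    """
    result = {attr: list(vals) for attr, vals in entry.items()}
    for op, attr, values in modlist:
        current = result.setdefault(attr, [])
        if op == MOD_ADD:
            current.extend([v for v in values if v not in current])
        elif op == MOD_DELETE:
            for v in values:
                current.remove(v)
        elif op == MOD_REPLACE:
            current[:] = list(values)
        else:
            raise ValueError("unknown modify op %r" % (op,))
        if attr in SINGLE_VALUED and len(current) > 1:
            raise SingleValueViolation(
                "cannot add a value to single valued attribute " + attr)
    return result


def try_modlist(entry, modlist):
    """Return (accepted, resulting values or error text)."""
    try:
        return True, apply_modlist(entry, modlist)[ATTR]
    except SingleValueViolation as exc:
        return False, str(exc)


def replace_ldif(dn, attr, new):
    """LDIF for a single 'replace' modification, as fed to ldapmodify."""
    return "\n".join([
        "dn: " + dn,
        "changetype: modify",
        "replace: " + attr,
        "%s: %s" % (attr, new),
        "",
    ])


ENTRY = {ATTR: [OLD]}  # initial value from the log
# Order exactly as logged: add the new value, then delete the old one.
LOGGED = [(MOD_ADD, ATTR, [NEW]), (MOD_DELETE, ATTR, [OLD])]
# Same two operations with the delete first.
DELETE_FIRST = [(MOD_DELETE, ATTR, [OLD]), (MOD_ADD, ATTR, [NEW])]
# One replace operation, which never holds two values at once.
REPLACE = [(MOD_REPLACE, ATTR, [NEW])]

if __name__ == "__main__":
    for name, mods in [("logged", LOGGED),
                       ("delete first", DELETE_FIRST),
                       ("replace", REPLACE)]:
        print(name, try_modlist(ENTRY, mods))
    print(replace_ldif(DN, ATTR, NEW))
```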


[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Kees Bakker via FreeIPA-users
On 17-07-18 13:15, Alexander Bokovoy wrote:
> [...]
> Could you please file a ticket with all these details?

You mean at https://pagure.io/freeipa/issues ?
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/IQSHNO7XKEN4FZDUNQZQDSBPVZCDJHLF/


[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Ludwig Krispenz via FreeIPA-users


On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote:

> On Tue, 17 Jul 2018, Kees Bakker wrote:
>> On 17-07-18 11:48, Alexander Bokovoy wrote:
>>> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>>>> automatically this for you when an update file is provided. In addition,
>>>>> you have some substitution variables available too. These aren't needed
>>>>> for this specific case but it would be useful in other cases.
>>>>>
>>>>> See
>>>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>>>> for details and read ipa-ldap-updater manual page.
>>>>
>>>> Just to be sure, before I execute it. This will be my update file for
>>>> ipa-ldap-updater.
>>>> (The syntax wasn't fully clear from the man page.)
>>>>
>>>> # Change value nsslapd-cachememsize
>>>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>>>> replace:nsslapd-cachememsize:2097152::33554432
>>>>
>>>> Right?
>>> Yes, that's how it should be. You've got it right.
>>
>> Hmm. I'm getting an error
>>
>> 2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.
>>
>> More details from the log:
>>
>> 2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG -
>> 2018-07-17T09:55:10Z DEBUG Initial value
>> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
>> 2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
>> 2018-07-17T09:55:10Z DEBUG cn:
>> 2018-07-17T09:55:10Z DEBUG  changelog
>> 2018-07-17T09:55:10Z DEBUG objectClass:
>> 2018-07-17T09:55:10Z DEBUG  top
>> 2018-07-17T09:55:10Z DEBUG  extensibleObject
>> 2018-07-17T09:55:10Z DEBUG  nsBackendInstance
>> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
>> 2018-07-17T09:55:10Z DEBUG  off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
>> 2018-07-17T09:55:10Z DEBUG  cn=changelog
>> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
>> 2018-07-17T09:55:10Z DEBUG  off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
>> 2018-07-17T09:55:10Z DEBUG  10485760
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
>> 2018-07-17T09:55:10Z DEBUG  -1
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>> 2018-07-17T09:55:10Z DEBUG  2097152
>> 2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
>> 2018-07-17T09:55:10Z DEBUG -
>> 2018-07-17T09:55:10Z DEBUG Final value after applying updates
>> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
>> 2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
>> 2018-07-17T09:55:10Z DEBUG cn:
>> 2018-07-17T09:55:10Z DEBUG  changelog
>> 2018-07-17T09:55:10Z DEBUG objectClass:
>> 2018-07-17T09:55:10Z DEBUG  top
>> 2018-07-17T09:55:10Z DEBUG  extensibleObject
>> 2018-07-17T09:55:10Z DEBUG  nsBackendInstance
>> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
>> 2018-07-17T09:55:10Z DEBUG  off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
>> 2018-07-17T09:55:10Z DEBUG  cn=changelog
>> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
>> 2018-07-17T09:55:10Z DEBUG  off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
>> 2018-07-17T09:55:10Z DEBUG  10485760
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
>> 2018-07-17T09:55:10Z DEBUG  -1
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>> 2018-07-17T09:55:10Z DEBUG  33554432
>> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
>
> Somehow it considered adding instead of replacing.
>
> Could you please file a ticket with all these details?
>
> Meanwhile you can obviously use ldapmodify directly. I just wonder
> what's wrong with replace...

not sure about the syntax of ldap updater, but could it be that
replace:nsslapd-cachememsize:2097152::33554432

is interpreted as replacing by two values and the result is the attempt
to ADD the new value ? for replace you do not need to provide the
existing value.

>> 2018-07-17T09:55:10Z DEBUG Updated 1
>> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
>> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>>     modified = ld.update(self.files) or modified
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>>     self._run_updates(all_updates)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>>     self._update_record(update)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>>     self.conn.update_entry(entry)
>>   File

[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Alexander Bokovoy via FreeIPA-users

On Tue, 17 Jul 2018, Kees Bakker wrote:
> On 17-07-18 11:48, Alexander Bokovoy wrote:
>> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>>> automatically this for you when an update file is provided. In addition,
>>>> you have some substitution variables available too. These aren't needed
>>>> for this specific case but it would be useful in other cases.
>>>>
>>>> See
>>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>>> for details and read ipa-ldap-updater manual page.
>>>
>>> Just to be sure, before I execute it. This will be my update file for
>>> ipa-ldap-updater.
>>> (The syntax wasn't fully clear from the man page.)
>>>
>>> # Change value nsslapd-cachememsize
>>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>>> replace:nsslapd-cachememsize:2097152::33554432
>>>
>>> Right?
>> Yes, that's how it should be. You've got it right.
>
> Hmm. I'm getting an error
>
> 2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.
>
> More details from the log:
>
> 2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG -
> 2018-07-17T09:55:10Z DEBUG Initial value
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG  changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG  top
> 2018-07-17T09:55:10Z DEBUG  extensibleObject
> 2018-07-17T09:55:10Z DEBUG  nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG  off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG  cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG  off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG  10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG  -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG  2097152
> 2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
> 2018-07-17T09:55:10Z DEBUG -
> 2018-07-17T09:55:10Z DEBUG Final value after applying updates
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG  changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG  top
> 2018-07-17T09:55:10Z DEBUG  extensibleObject
> 2018-07-17T09:55:10Z DEBUG  nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG  off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG  cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG  off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG  10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG  -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG  33554432
> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]

Somehow it considered adding instead of replacing.

Could you please file a ticket with all these details?

Meanwhile you can obviously use ldapmodify directly. I just wonder
what's wrong with replace...

> 2018-07-17T09:55:10Z DEBUG Updated 1
> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>     modified = ld.update(self.files) or modified
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>     self._run_updates(all_updates)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>     self._update_record(update)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>     self.conn.update_entry(entry)
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
>     self.conn.modify_s(str(entry.dn), modlist)
>   File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
>     self.gen.throw(type, value, traceback)
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
>     raise errors.ObjectclassViolation(info=info)



--
/ Alexander 

[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Kees Bakker via FreeIPA-users
On 17-07-18 11:48, Alexander Bokovoy wrote:
> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>> automatically this for you when an update file is provided. In addition,
>>> you have some substitution variables available too. These aren't needed
>>> for this specific case but it would be useful in other cases.
>>>
>>> See
>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>> for details and read ipa-ldap-updater manual page.
>>>
>>
>> Just to be sure, before I execute it. This will be my update file for 
>> ipa-ldap-updater.
>> (The syntax wasn't fully clear from the man page.)
>>
>> # Change value nsslapd-cachememsize
>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> replace:nsslapd-cachememsize:2097152::33554432
>>
>> Right?
> Yes, that's how it should be. You've got it right.
>

Hmm. I'm getting an error

2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.

More details from the log:

2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG -
2018-07-17T09:55:10Z DEBUG Initial value
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG  changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG  top
2018-07-17T09:55:10Z DEBUG  extensibleObject
2018-07-17T09:55:10Z DEBUG  nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG  off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG  cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG  off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG  10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG  -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG  2097152
2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
2018-07-17T09:55:10Z DEBUG -
2018-07-17T09:55:10Z DEBUG Final value after applying updates
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG  /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG  changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG  top
2018-07-17T09:55:10Z DEBUG  extensibleObject
2018-07-17T09:55:10Z DEBUG  nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG  off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG  cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG  off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG  10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG  -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG  33554432
2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
2018-07-17T09:55:10Z DEBUG Updated 1
2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
    modified = ld.update(self.files) or modified
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
    self._run_updates(all_updates)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
    self._update_record(update)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
    self.conn.update_entry(entry)
  File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
    self.conn.modify_s(str(entry.dn), modlist)
  File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
    raise errors.ObjectclassViolation(info=info)

[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Alexander Bokovoy via FreeIPA-users

On Tue, 17 Jul 2018, Kees Bakker wrote:
>> To modify you'd rather use ipa-ldap-updater tool which manages
>> automatically this for you when an update file is provided. In addition,
>> you have some substitution variables available too. These aren't needed
>> for this specific case but it would be useful in other cases.
>>
>> See
>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>> for details and read ipa-ldap-updater manual page.
>
> Just to be sure, before I execute it. This will be my update file for
> ipa-ldap-updater.
> (The syntax wasn't fully clear from the man page.)
>
> # Change value nsslapd-cachememsize
> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> replace:nsslapd-cachememsize:2097152::33554432
>
> Right?

Yes, that's how it should be. You've got it right.

If you have any suggestions on how to improve the manual page, please
file a ticket.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/VZJD4O3SQFCXX2JLOTZLCD64LZ44TCTR/


[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Kees Bakker via FreeIPA-users
On 17-07-18 10:56, Alexander Bokovoy wrote:
> On Tue, 17 Jul 2018, Kees Bakker via FreeIPA-users wrote:
>> Hi,
>>
>> This is about the infamous log message
>>
>>     WARNING: changelog: entry cache size 2097152B is less than db size 19701760B; We recommend to increase the entry cache size nsslapd-cachememsize.
>>
>> I've searched the Internet, including this mailing list, but I haven't found
>> a sensible FreeIPA solution yet. There was a hint to look at [1], that suggested that
>> I should use ldapmodify. Well OK, but before I do that I want to first see,
>> using ldapsearch, that I can query the current value. I tried this (with proper
>> kinit of course):
>>
>>   ldapsearch -Y GSSAPI -b cn=config
>>
>> That didn't show anything useful, nothing with nsslapd-cachememsize.
>> That makes me wonder whether the suggested ldapmodify command is
>> correct for me.
>>
>> My question is basically: what is the recommended FreeIPA way to modify
>> nsslapd-cachememsize?  And will the modification automatically
>> replicate from the master to the replica?
> It needs to be done as cn=Directory Manager. 'admin' has no rights over
> cn=config.

Ah, that makes sense now.

>
> One way to do that is to use ldapi and -Y EXTERNAL. Take the LDAP url
> from /etc/ipa/default.conf and as root on the master do
>
>  ldapsearch -Y EXTERNAL -H '' -b cn=config
>
OK, thanks. I can see the entries now.

> To modify you'd rather use ipa-ldap-updater tool which manages
> automatically this for you when an update file is provided. In addition,
> you have some substitution variables available too. These aren't needed
> for this specific case but it would be useful in other cases.
>
> See
> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
> for details and read ipa-ldap-updater manual page.
>

Just to be sure, before I execute it. This will be my update file for 
ipa-ldap-updater.
(The syntax wasn't fully clear from the man page.)

# Change value nsslapd-cachememsize
dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
replace:nsslapd-cachememsize:2097152::33554432

Right?
-- 
Kees
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/LPBWRGGKKHX564VESYGX5XVFYL2VHKMC/


[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Alexander Bokovoy via FreeIPA-users

On Tue, 17 Jul 2018, Kees Bakker via FreeIPA-users wrote:
> Hi,
>
> This is about the infamous log message
>
>     WARNING: changelog: entry cache size 2097152B is less than db size 19701760B; We recommend to increase the entry cache size nsslapd-cachememsize.
>
> I've searched the Internet, including this mailing list, but I haven't found
> a sensible FreeIPA solution yet. There was a hint to look at [1], that suggested that
> I should use ldapmodify. Well OK, but before I do that I want to first see,
> using ldapsearch, that I can query the current value. I tried this (with proper
> kinit of course):
>
>   ldapsearch -Y GSSAPI -b cn=config
>
> That didn't show anything useful, nothing with nsslapd-cachememsize.
> That makes me wonder whether the suggested ldapmodify command is
> correct for me.
>
> My question is basically: what is the recommended FreeIPA way to modify
> nsslapd-cachememsize?  And will the modification automatically
> replicate from the master to the replica?

It needs to be done as cn=Directory Manager. 'admin' has no rights over
cn=config.

One way to do that is to use ldapi and -Y EXTERNAL. Take the LDAP url
from /etc/ipa/default.conf and as root on the master do

 ldapsearch -Y EXTERNAL -H '' -b cn=config

To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In addition,
you have some substitution variables available too. These aren't needed
for this specific case but it would be useful in other cases.

See
https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
for details and read ipa-ldap-updater manual page.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/YAJD5NRP4JZG4LOTW6PIH74J2BQ5IK7Y/