[Freeipa-users] Re: How to change nsslapd-cachememsize
On Tue, 17 Jul 2018, Kees Bakker wrote:
> On 17-07-18 13:15, Alexander Bokovoy wrote:
>> [...]
>> Could you please file a ticket with all these details?
>
> You mean at https://pagure.io/freeipa/issues ?

Yes. Thanks in advance.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/GQTI6KE6PU4CCMGW3PMLHVLDGNCP5XXZ/
[Freeipa-users] Re: How to change nsslapd-cachememsize
On Tue, 17 Jul 2018, Ludwig Krispenz via FreeIPA-users wrote:
>>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>>> 2018-07-17T09:55:10Z DEBUG 33554432
>>> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
>> Somehow it considered adding instead of replacing.
>>
>> Could you please file a ticket with all these details? Meanwhile you can
>> obviously use ldapmodify directly. I just wonder what's wrong with
>> replace...
> not sure about the syntax of ldap updater, but could it be that
> replace:nsslapd-cachememsize:2097152::33554432
> is interpreted as replacing by two values and the result is the attempt
> to ADD the new value ?
> for replace you do not need to provide the existing value.

I don't think it works this way for ipa-ldap-updater -- it has different
semantics to ldif modify part.

When replace action is parsed, we ensure there are two values provided.
Then the code in 'replace' does this:

    entry_values = entry.raw.get(attr, [])
    ...
    elif action == 'replace':
        # replace values were store as list
        old, new = update_value
        try:
            entry_values.remove(old)
        except ValueError:
            logger.debug('replace: %s not found, skipping',
                         safe_output(attr, old))
        else:
            entry_values.append(new)
            logger.debug('replace: updated value %s',
                         safe_output(attr, entry_values))
            entry.raw[attr] = entry_values

So it removes old value from the entry_values list and then appends a
new one. After the first step entry_values should be an empty list for
our case.

>>> 2018-07-17T09:55:10Z DEBUG Updated 1
>>> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
>>> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>>>     return_value = self.run()
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>>>     modified = ld.update(self.files) or modified
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>>>     self._run_updates(all_updates)
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>>>     self._update_record(update)
>>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>>>     self.conn.update_entry(entry)
>>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
>>>     self.conn.modify_s(str(entry.dn), modlist)
>>>   File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
>>>     self.gen.throw(type, value, traceback)
>>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
>>>     raise errors.ObjectclassViolation(info=info)

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
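Added example, not part of the thread and not FreeIPA or python-ldap code: the logged modlist `[(0, ...), (1, ...)]` is a MOD_ADD followed by a MOD_DELETE in python-ldap numbering, and this block reproduces it with a naive diff, applies it to a toy entry, and shows the same change as a single MOD_REPLACE. The function names, the `SINGLE_VALUED` set and the check after every operation are assumptions modelled on the error in the log.

```python
# Added illustration; not FreeIPA or python-ldap code.
# Operation codes use python-ldap numbering, as seen in the logged modlist.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

ATTR = "nsslapd-cachememsize"
SINGLE_VALUED = {ATTR}  # assumption: schema knowledge supplied by the caller


class ObjectclassViolation(Exception):
    """Stand-in for the server error quoted in the thread."""


def _diff_attr(attr, before, after):
    """Add every new value, then delete every value no longer wanted."""
    adds = [v for v in after if v not in before]
    dels = [v for v in before if v not in after]
    mods = []
    if adds:
        mods.append((MOD_ADD, attr, adds))
    if dels:
        mods.append((MOD_DELETE, attr, dels))
    return mods


def diff_modlist(old, new):
    """Naive modlist: per-attribute ADD followed by DELETE."""
    mods = []
    for attr in sorted(set(old) | set(new)):
        mods += _diff_attr(attr, old.get(attr, []), new.get(attr, []))
    return mods


def safe_modlist(old, new, single_valued=SINGLE_VALUED):
    """Same diff, but a changed single-valued attribute is one MOD_REPLACE."""
    mods = []
    for attr in sorted(set(old) | set(new)):
        before, after = old.get(attr, []), new.get(attr, [])
        if before == after:
            continue
        if attr in single_valued and after:
            mods.append((MOD_REPLACE, attr, list(after)))
        else:
            mods += _diff_attr(attr, before, after)
    return mods


def apply_mods(entry, mods, single_valued=SINGLE_VALUED):
    """Apply mods in order to a copy of entry, checking after each step."""
    result = {a: list(v) for a, v in entry.items()}
    for op, attr, vals in mods:
        current = result.get(attr, [])
        if op == MOD_ADD:
            current = current + list(vals)
        elif op == MOD_DELETE:
            current = [v for v in current if v not in vals]
        elif op == MOD_REPLACE:
            current = list(vals)
        else:
            raise ValueError("unknown operation %r" % (op,))
        if attr in single_valued and len(current) > 1:
            raise ObjectclassViolation(
                "cannot add a value to single valued attribute %s" % attr)
        if current:
            result[attr] = current
        else:
            result.pop(attr, None)
    return result


if __name__ == "__main__":
    # Constructed entries mirroring the values in the thread.
    old = {ATTR: ["2097152"], "objectClass": ["top", "extensibleObject"]}
    new = {ATTR: ["33554432"], "objectClass": ["top", "extensibleObject"]}
    print(diff_modlist(old, new))  # ADD then DELETE, as in the log
    try:
        apply_mods(old, diff_modlist(old, new))
    except ObjectclassViolation as exc:
        print("rejected:", exc)
    print(apply_mods(old, safe_modlist(old, new)))
```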
[Freeipa-users] Re: How to change nsslapd-cachememsize
On 17-07-18 13:15, Alexander Bokovoy wrote:
> [...]
> Could you please file a ticket with all these details?

You mean at https://pagure.io/freeipa/issues ?
[Freeipa-users] Re: How to change nsslapd-cachememsize
On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote:
> On Tue, 17 Jul 2018, Kees Bakker wrote:
>> On 17-07-18 11:48, Alexander Bokovoy wrote:
>>> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>>>> automatically this for you when an update file is provided. In addition,
>>>>> you have some substitution variables available too. These aren't needed
>>>>> for this specific case but it would be useful in other cases.
>>>>>
>>>>> See
>>>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>>>> for details and read ipa-ldap-updater manual page.
>>>>
>>>> Just to be sure, before I execute it. This will be my update file for
>>>> ipa-ldap-updater.
>>>> (The syntax wasn't fully clear from the man page.)
>>>>
>>>> # Change value nsslapd-cachememsize
>>>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>>>> replace:nsslapd-cachememsize:2097152::33554432
>>>>
>>>> Right?
>>> Yes, that's how it should be. You've got it right.
>> Hmm. I'm getting an error
>> 2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.
>>
>> More details from the log:
>> 2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG -
>> 2018-07-17T09:55:10Z DEBUG Initial value
>> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
>> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
>> 2018-07-17T09:55:10Z DEBUG cn:
>> 2018-07-17T09:55:10Z DEBUG changelog
>> 2018-07-17T09:55:10Z DEBUG objectClass:
>> 2018-07-17T09:55:10Z DEBUG top
>> 2018-07-17T09:55:10Z DEBUG extensibleObject
>> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
>> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
>> 2018-07-17T09:55:10Z DEBUG off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
>> 2018-07-17T09:55:10Z DEBUG cn=changelog
>> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
>> 2018-07-17T09:55:10Z DEBUG off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
>> 2018-07-17T09:55:10Z DEBUG 10485760
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
>> 2018-07-17T09:55:10Z DEBUG -1
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>> 2018-07-17T09:55:10Z DEBUG 2097152
>> 2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
>> 2018-07-17T09:55:10Z DEBUG -
>> 2018-07-17T09:55:10Z DEBUG Final value after applying updates
>> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
>> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
>> 2018-07-17T09:55:10Z DEBUG cn:
>> 2018-07-17T09:55:10Z DEBUG changelog
>> 2018-07-17T09:55:10Z DEBUG objectClass:
>> 2018-07-17T09:55:10Z DEBUG top
>> 2018-07-17T09:55:10Z DEBUG extensibleObject
>> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
>> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
>> 2018-07-17T09:55:10Z DEBUG off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
>> 2018-07-17T09:55:10Z DEBUG cn=changelog
>> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
>> 2018-07-17T09:55:10Z DEBUG off
>> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
>> 2018-07-17T09:55:10Z DEBUG 10485760
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
>> 2018-07-17T09:55:10Z DEBUG -1
>> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
>> 2018-07-17T09:55:10Z DEBUG 33554432
>> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
> Somehow it considered adding instead of replacing.
>
> Could you please file a ticket with all these details? Meanwhile you can
> obviously use ldapmodify directly. I just wonder what's wrong with
> replace...

not sure about the syntax of ldap updater, but could it be that
replace:nsslapd-cachememsize:2097152::33554432
is interpreted as replacing by two values and the result is the attempt
to ADD the new value ?
for replace you do not need to provide the existing value.

>> 2018-07-17T09:55:10Z DEBUG Updated 1
>> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
>> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>>     modified = ld.update(self.files) or modified
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>>     self._run_updates(all_updates)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>>     self._update_record(update)
>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>>     self.conn.update_entry(entry)
>>   File
[Freeipa-users] Re: How to change nsslapd-cachememsize
On Tue, 17 Jul 2018, Kees Bakker wrote:
> On 17-07-18 11:48, Alexander Bokovoy wrote:
>> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>>> automatically this for you when an update file is provided. In addition,
>>>> you have some substitution variables available too. These aren't needed
>>>> for this specific case but it would be useful in other cases.
>>>>
>>>> See
>>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>>> for details and read ipa-ldap-updater manual page.
>>>
>>> Just to be sure, before I execute it. This will be my update file for
>>> ipa-ldap-updater.
>>> (The syntax wasn't fully clear from the man page.)
>>>
>>> # Change value nsslapd-cachememsize
>>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>>> replace:nsslapd-cachememsize:2097152::33554432
>>>
>>> Right?
>> Yes, that's how it should be. You've got it right.
> Hmm. I'm getting an error
> 2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.
>
> More details from the log:
> 2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG -
> 2018-07-17T09:55:10Z DEBUG Initial value
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG top
> 2018-07-17T09:55:10Z DEBUG extensibleObject
> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG 10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG 2097152
> 2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
> 2018-07-17T09:55:10Z DEBUG -
> 2018-07-17T09:55:10Z DEBUG Final value after applying updates
> 2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> 2018-07-17T09:55:10Z DEBUG nsslapd-directory:
> 2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
> 2018-07-17T09:55:10Z DEBUG cn:
> 2018-07-17T09:55:10Z DEBUG changelog
> 2018-07-17T09:55:10Z DEBUG objectClass:
> 2018-07-17T09:55:10Z DEBUG top
> 2018-07-17T09:55:10Z DEBUG extensibleObject
> 2018-07-17T09:55:10Z DEBUG nsBackendInstance
> 2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
> 2018-07-17T09:55:10Z DEBUG cn=changelog
> 2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
> 2018-07-17T09:55:10Z DEBUG off
> 2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
> 2018-07-17T09:55:10Z DEBUG 10485760
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
> 2018-07-17T09:55:10Z DEBUG -1
> 2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
> 2018-07-17T09:55:10Z DEBUG 33554432
> 2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]

Somehow it considered adding instead of replacing.

Could you please file a ticket with all these details? Meanwhile you can
obviously use ldapmodify directly. I just wonder what's wrong with
replace...

> 2018-07-17T09:55:10Z DEBUG Updated 1
> 2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
> 2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
>     modified = ld.update(self.files) or modified
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
>     self._run_updates(all_updates)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
>     self._update_record(update)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
>     self.conn.update_entry(entry)
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
>     self.conn.modify_s(str(entry.dn), modlist)
>   File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
>     self.gen.throw(type, value, traceback)
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
>     raise errors.ObjectclassViolation(info=info)

--
/ Alexander
[Freeipa-users] Re: How to change nsslapd-cachememsize
On 17-07-18 11:48, Alexander Bokovoy wrote:
> On Tue, 17 Jul 2018, Kees Bakker wrote:
>>> To modify you'd rather use ipa-ldap-updater tool which manages
>>> automatically this for you when an update file is provided. In addition,
>>> you have some substitution variables available too. These aren't needed
>>> for this specific case but it would be useful in other cases.
>>>
>>> See
>>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>>> for details and read ipa-ldap-updater manual page.
>>>
>>
>> Just to be sure, before I execute it. This will be my update file for
>> ipa-ldap-updater.
>> (The syntax wasn't fully clear from the man page.)
>>
>> # Change value nsslapd-cachememsize
>> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
>> replace:nsslapd-cachememsize:2097152::33554432
>>
>> Right?
> Yes, that's how it should be. You've got it right.
>

Hmm. I'm getting an error
2018-07-17T09:55:10Z DEBUG The ipa-ldap-updater command failed, exception: ObjectclassViolation: cannot add a value to single valued attribute nsslapd-cachememsize.

More details from the log:
2018-07-17T09:55:10Z DEBUG Updating existing entry: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG -
2018-07-17T09:55:10Z DEBUG Initial value
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG top
2018-07-17T09:55:10Z DEBUG extensibleObject
2018-07-17T09:55:10Z DEBUG nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG 10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG 2097152
2018-07-17T09:55:10Z DEBUG replace: updated value ['33554432']
2018-07-17T09:55:10Z DEBUG -
2018-07-17T09:55:10Z DEBUG Final value after applying updates
2018-07-17T09:55:10Z DEBUG dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
2018-07-17T09:55:10Z DEBUG nsslapd-directory:
2018-07-17T09:55:10Z DEBUG /var/lib/dirsrv/slapd-GHS-NL/db/changelog
2018-07-17T09:55:10Z DEBUG cn:
2018-07-17T09:55:10Z DEBUG changelog
2018-07-17T09:55:10Z DEBUG objectClass:
2018-07-17T09:55:10Z DEBUG top
2018-07-17T09:55:10Z DEBUG extensibleObject
2018-07-17T09:55:10Z DEBUG nsBackendInstance
2018-07-17T09:55:10Z DEBUG nsslapd-require-index:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-suffix:
2018-07-17T09:55:10Z DEBUG cn=changelog
2018-07-17T09:55:10Z DEBUG nsslapd-readonly:
2018-07-17T09:55:10Z DEBUG off
2018-07-17T09:55:10Z DEBUG nsslapd-dncachememsize:
2018-07-17T09:55:10Z DEBUG 10485760
2018-07-17T09:55:10Z DEBUG nsslapd-cachesize:
2018-07-17T09:55:10Z DEBUG -1
2018-07-17T09:55:10Z DEBUG nsslapd-cachememsize:
2018-07-17T09:55:10Z DEBUG 33554432
2018-07-17T09:55:10Z DEBUG [(0, u'nsslapd-cachememsize', ['33554432']), (1, u'nsslapd-cachememsize', ['2097152'])]
2018-07-17T09:55:10Z DEBUG Updated 1
2018-07-17T09:55:10Z DEBUG Destroyed connection context.ldap2_139925522412176
2018-07-17T09:55:10Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_ldap_updater.py", line 147, in run
    modified = ld.update(self.files) or modified
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 918, in update
    self._run_updates(all_updates)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 892, in _run_updates
    self._update_record(update)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ldapupdate.py", line 811, in _update_record
    self.conn.update_entry(entry)
  File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 1497, in update_entry
    self.conn.modify_s(str(entry.dn), modlist)
  File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/dist-packages/ipapython/ipaldap.py", line 975, in error_handler
    raise errors.ObjectclassViolation(info=info)
[Freeipa-users] Re: How to change nsslapd-cachememsize
On Tue, 17 Jul 2018, Kees Bakker wrote:
>> To modify you'd rather use ipa-ldap-updater tool which manages
>> automatically this for you when an update file is provided. In addition,
>> you have some substitution variables available too. These aren't needed
>> for this specific case but it would be useful in other cases.
>>
>> See
>> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
>> for details and read ipa-ldap-updater manual page.
>
> Just to be sure, before I execute it. This will be my update file for
> ipa-ldap-updater.
> (The syntax wasn't fully clear from the man page.)
>
> # Change value nsslapd-cachememsize
> dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
> replace:nsslapd-cachememsize:2097152::33554432
>
> Right?

Yes, that's how it should be. You've got it right.

If you have any suggestions on how to improve the manual page, please
file a ticket.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
[Freeipa-users] Re: How to change nsslapd-cachememsize
On 17-07-18 10:56, Alexander Bokovoy wrote:
> On Tue, 17 Jul 2018, Kees Bakker via FreeIPA-users wrote:
>> Hi,
>>
>> This is about the infamous log message
>>
>> WARNING: changelog: entry cache size 2097152B is less than db size
>> 19701760B; We recommend to increase the entry cache size
>> nsslapd-cachememsize.
>>
>> I've searched the Internet, including this mailing list, but I haven't found
>> a sensible FreeIPA solution yet. There was a hint to look at [1], that
>> suggested that I should use ldapmodify. Well OK, but before I do that I
>> want to first see, using ldapsearch, that I can query the current value.
>> I tried this (with proper kinit of course):
>>
>> ldapsearch -Y GSSAPI -b cn=config
>>
>> That didn't show anything useful, nothing with nsslapd-cachememsize.
>> That makes me wonder whether the suggested ldapmodify command is
>> correct for me.
>>
>> My question is basically: what is the recommended FreeIPA way to modify
>> nsslapd-cachememsize? And will the modification automatically
>> replicate from the master to the replica?
> It needs to be done as cn=Directory Manager. 'admin' has no rights over
> cn=config.

Ah, that makes sense now.

>
> One way to do that is to use ldapi and -Y EXTERNAL. Take the LDAP url
> from /etc/ipa/default.conf and as root on the master do
>
> ldapsearch -Y EXTERNAL -H '' -b cn=config
>

OK, thanks. I can see the entries now.

> To modify you'd rather use ipa-ldap-updater tool which manages
> automatically this for you when an update file is provided. In addition,
> you have some substitution variables available too. These aren't needed
> for this specific case but it would be useful in other cases.
>
> See
> https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
> for details and read ipa-ldap-updater manual page.
>

Just to be sure, before I execute it. This will be my update file for ipa-ldap-updater.
(The syntax wasn't fully clear from the man page.)

# Change value nsslapd-cachememsize
dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config
replace:nsslapd-cachememsize:2097152::33554432

Right?
--
Kees
[Freeipa-users] Re: How to change nsslapd-cachememsize
On Tue, 17 Jul 2018, Kees Bakker via FreeIPA-users wrote:
> Hi,
>
> This is about the infamous log message
>
> WARNING: changelog: entry cache size 2097152B is less than db size
> 19701760B; We recommend to increase the entry cache size
> nsslapd-cachememsize.
>
> I've searched the Internet, including this mailing list, but I haven't found
> a sensible FreeIPA solution yet. There was a hint to look at [1], that
> suggested that I should use ldapmodify. Well OK, but before I do that I
> want to first see, using ldapsearch, that I can query the current value.
> I tried this (with proper kinit of course):
>
> ldapsearch -Y GSSAPI -b cn=config
>
> That didn't show anything useful, nothing with nsslapd-cachememsize.
> That makes me wonder whether the suggested ldapmodify command is
> correct for me.
>
> My question is basically: what is the recommended FreeIPA way to modify
> nsslapd-cachememsize? And will the modification automatically
> replicate from the master to the replica?

It needs to be done as cn=Directory Manager. 'admin' has no rights over
cn=config.

One way to do that is to use ldapi and -Y EXTERNAL. Take the LDAP url
from /etc/ipa/default.conf and as root on the master do

ldapsearch -Y EXTERNAL -H '' -b cn=config

To modify you'd rather use ipa-ldap-updater tool which manages
automatically this for you when an update file is provided. In addition,
you have some substitution variables available too. These aren't needed
for this specific case but it would be useful in other cases.

See
https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
for details and read ipa-ldap-updater manual page.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland