[Fedora-directory-devel] aci cache overflown problem - suggested patch for acl.h
Rich Megginson
rmeggins at redhat.com
Tue Mar 31 15:03:45 UTC 2009
Audun Røe wrote:
>
> Hey,
>
>
>
> We're in the process of replacing an old Sun Directory Server 5.2
> deployment. In our preliminary tests using FDS 1.1.0 (this was back in
> Q2 2008 or so), we saw lots of "aci cache overflown" messages in the
> log for some users, and performance would basically drop to
> unacceptable levels. I previously posted about the issue to the
> user-list in early May 2008, though in retrospect the mail probably
> should've gone here. It's archived at
> http://www.mailinglistarchive.com/fedora-directory-users@redhat.com/msg02612.html
> if anyone's interested)
>
>
>
> Anyway, searching the cvs tree for the log message and bumping
> ACLPB_MAX_SELECTED_ACLS from 200 to 2000 just happened to solve our
> problem. The change was made as a long-shot in the dark without any
> insight into the code-base, i.e. we don't really have any broad
> understanding of how and where it's used. It just seemingly works.
> During our testing, we have not seen side-effects though we don't
> really have any experience with the unmodified server. It just wasn't
> usable for us with the legacy ldap-structure we have.
>
>
>
> I've attached a patch for the one-line change we made, based on the
> source RPM for fds-base-1.1.3. What are your thoughts on including
> this in future revisions? If the patch is unacceptable, would you be
> more prepared to accept a contribution making this configurable from
> dse.ldif?
>
Yes. This seems like something that should be configurable. We would
welcome your contribution.
Step 1) Please review http://directory.fedoraproject.org/wiki/Contributing
Step 2) Please open a bug in bugzilla.redhat.com for Fedora Directory
Server - you can attach patches, tests, etc. to the bug (after we
receive confirmation that you have signed and submitted the CLA)
>
> Assuming neither option is acceptable and the current value of 200 is
> locked, I would very much like to hear the reasoning, as obviously,
> even if things seem to work, the apparent shortage of other people
> bumping into this problem is slightly worrying (our directory has
> upwards of 1500 aci attrs - count made with a quick grep -c "aci:" on
> an ldif exported from the old Sun ldap).
>
>
>
>
>
> --
>
> Audun Røe
>
> mail: audun.roe at kantega.no
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20090331/11810aa1/attachment.bin
More information about the 389-devel
mailing list