Hi All -
I've got another one today.
We have 1 attribute in our infrastructure that's extremely large - it's a PKI CRL
that's around 15MB. It sits in an entry that has about 6300 sub entries.
We had some previously mentioned issues running out of file descriptors on our consumers.
After resolving those, we were getting err=11s on searches under that entry, returning
nentries=699,700,701. 700 didn't make sense, but I thought that the issue might be
the search limit - these are anonymous, so I tried the anonlimitsdn setting with a
template, and set it higher than 700. That wasn't it.
We then started getting err=53s searching that entry - we don't even seem to get the
err=11s anymore. These searches ARE showing up un-indexed. We have indexes for the
attributes though - is it because of the ;binary versions?
Example;
[21/Jan/2014:13:32:28 -0500] conn=37952 op=1 SRCH base="ou=Entrust Managed Services
SSP CA,ou=Certification Authorities,o=Entrust,c=US" scope=2
filter="(&(|(objectClass=cRLDistributionPoint)(objectClass=pkiCA))(cn=CRL*8))"
attrs="authorityrevocationlist;binary authorityRevocationList
certificaterevocationlist;binary certificateRevocationList"
[21/Jan/2014:13:32:28 -0500] conn=37952 op=1 RESULT err=53 tag=101 nentries=0 etime=0
notes=U