I have run into a bug that is still open several times now causing large
problems in our LDAP Service.
https://fedorahosted.org/389/ticket/346
We have group updates that are very large in size (20k+ records) and while
we're specifically targeting the engineering group responsible, there is
nothing to stop another group to write bad code and abuse our service.
When the large update occurs during replication of the group from our
master to our search fleet we often miss SLAs on replication and search
latency because the boxes go under such heavy load.
Is there a way on our master servers we can block people from preforming
such updates? Either to discard and error on the write or just drop that
traffic all together. I'm open to any sort of suggestion this list might
have to offer.
-Jeff