Diretorio Livre wrote:
Hello, We are using FDS 1.2.0 and we are making samba integration with LDAP. There are two FDS servers, one (serverA) is configured as single master and the other (serverB) as a dedicated consumer. We're using the option "ldap passwd sync=yes" and pointing the ldapsam to serverB. When we changed the password of a user (in a Windows machine), his "userpassword" ldap attribute has changed in serverB(the dedicated consumer) instead of return referral to serverA (the master). The most strange is that the access log doesn't show nothing, even the correct error code 10 (referral). We've checked the suffix configuration in the serverB and the "update on referral" was selected. It seems to us that SAMBA found a way to ignore the "update on referral" and made the modifications on the consumer. //Anybody has experiencied such behaviour?
Note that the access log is buffered, so operations may take a while before they are flushed to disk. You can change this behavior by setting nsslapd-accesslog-logbuffering: off in cn=config (but note that this may impact performance in production environments).
Can you post relevant excerpts from the access log of the dedicated consumer showing the sequence of operations for the password change? Have you checked the access log of the master?
Steps to reproduce the behaviour
- Configure two LDAP servers (one as single master and the other as
dedicated consumer).
- Configure replication between the two servers above.
- Install SAMBA (we are using version 3.3.2 or 3.4.7).
- Configure smb.conf with the following parameters: -- the ldapbackend pointing to the dedicated consumer server. -- ldap passwd sync=Only. -- ldap ssl = start tls (it's necessary).
Thanks in advance,
SIEDN - Diretorio Livre "Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."
"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hello,
we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the server we're getting unusual activity of ns-slapd process - every few seconds it goes from sleep to 100% of cpu time and stays there for a few seconds. I have no idea why, our userroot database is only 30 MB (1500 users, 1000 computers), we're using LDAP just for that. The only thing I changed in the last time is that I added some informations like address, office, position etc. Those fields aren't indexed, can this be a problem?
Bye, Alan
Nevermind, found the problem, nsslapd-cachememsize, changed the size of cache and the process immediately start to work normaly.
Bye, Alan
On 1.4.2010 8:05, Alan Orlič Belšak wrote:
Hello,
we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the server we're getting unusual activity of ns-slapd process - every few seconds it goes from sleep to 100% of cpu time and stays there for a few seconds. I have no idea why, our userroot database is only 30 MB (1500 users, 1000 computers), we're using LDAP just for that. The only thing I changed in the last time is that I added some informations like address, office, position etc. Those fields aren't indexed, can this be a problem?
Bye, Alan
One more question, any recommendations about that? How big should be cache, what to do for better performance, etc?
Bye, Alan
On 1.4.2010 8:59, Alan Orlič Belšak wrote:
Nevermind, found the problem, nsslapd-cachememsize, changed the size of cache and the process immediately start to work normaly.
Bye, Alan
On 1.4.2010 8:05, Alan Orlič Belšak wrote:
Hello,
we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the server we're getting unusual activity of ns-slapd process - every few seconds it goes from sleep to 100% of cpu time and stays there for a few seconds. I have no idea why, our userroot database is only 30 MB (1500 users, 1000 computers), we're using LDAP just for that. The only thing I changed in the last time is that I added some informations like address, office, position etc. Those fields aren't indexed, can this be a problem?
Bye, Alan
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi,
You may take a look at : http://www.redhat.com/docs/manuals/dir-server/8.1/admin/memoryusage.html
Some nice explications of cache structures and design can also be found on the sun (soon oracle) site : http://docs.sun.com/source/817-5220/caching.html
2010/4/1 Alan Orlič Belšak alan.orlic@zd-lj.si
One more question, any recommendations about that? How big should be cache, what to do for better performance, etc?
Bye, Alan
On 1.4.2010 8:59, Alan Orlič Belšak wrote:
Nevermind, found the problem, nsslapd-cachememsize, changed the size of cache and the process immediately start to work normaly.
Bye, Alan
On 1.4.2010 8:05, Alan Orlič Belšak wrote:
Hello,
we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the server we're getting unusual activity of ns-slapd process - every few seconds it goes from sleep to 100% of cpu time and stays there for a few seconds. I have no idea why, our userroot database is only 30 MB (1500 users, 1000 computers), we're using LDAP just for that. The only thing I changed in the last time is that I added some informations like address, office, position etc. Those fields aren't indexed, can this be a problem?
Bye, Alan
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi,
thank you.
Bye, Alan
On 1.4.2010 13:09, Andrey Ivanov wrote:
Hi,
You may take a look at : http://www.redhat.com/docs/manuals/dir-server/8.1/admin/memoryusage.html
Some nice explications of cache structures and design can also be found on the sun (soon oracle) site : http://docs.sun.com/source/817-5220/caching.html
2010/4/1 Alan Orlič Belšak <alan.orlic@zd-lj.si mailto:alan.orlic@zd-lj.si>
One more question, any recommendations about that? How big should be cache, what to do for better performance, etc? Bye, Alan On 1.4.2010 8:59, Alan Orlič Belšak wrote: > Nevermind, found the problem, nsslapd-cachememsize, changed the size of > cache and the process immediately start to work normaly. > > Bye, Alan > > On 1.4.2010 8:05, Alan Orlič Belšak wrote: > >> Hello, >> >> we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the >> server we're getting unusual activity of ns-slapd process - every few >> seconds it goes from sleep to 100% of cpu time and stays there for a >> few seconds. I have no idea why, our userroot database is only 30 MB >> (1500 users, 1000 computers), we're using LDAP just for that. The only >> thing I changed in the last time is that I added some informations >> like address, office, position etc. Those fields aren't indexed, can >> this be a problem? >> >> Bye, Alan >> > -- > 389 users mailing list > 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
For those, who'll find in same position, in Directory server console, inder Data/dc=yourdomain,dc=com/Database settings is Memory available for cache, usually about 10MB. I put that value to 30MB and now is working fine.
Alan
On 1.4.2010 15:32, Alan Orlič Belšak wrote:
Hi,
thank you.
Bye, Alan
On 1.4.2010 13:09, Andrey Ivanov wrote:
Hi,
You may take a look at : http://www.redhat.com/docs/manuals/dir-server/8.1/admin/memoryusage.html
Some nice explications of cache structures and design can also be found on the sun (soon oracle) site : http://docs.sun.com/source/817-5220/caching.html
2010/4/1 Alan Orlič Belšak <alan.orlic@zd-lj.si mailto:alan.orlic@zd-lj.si>
One more question, any recommendations about that? How big should be cache, what to do for better performance, etc? Bye, Alan On 1.4.2010 8:59, Alan Orlič Belšak wrote: > Nevermind, found the problem, nsslapd-cachememsize, changed the size of > cache and the process immediately start to work normaly. > > Bye, Alan > > On 1.4.2010 8:05, Alan Orlič Belšak wrote: > >> Hello, >> >> we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the >> server we're getting unusual activity of ns-slapd process - every few >> seconds it goes from sleep to 100% of cpu time and stays there for a >> few seconds. I have no idea why, our userroot database is only 30 MB >> (1500 users, 1000 computers), we're using LDAP just for that. The only >> thing I changed in the last time is that I added some informations >> like address, office, position etc. Those fields aren't indexed, can >> this be a problem? >> >> Bye, Alan >> > -- > 389 users mailing list > 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi,
I managed to made multimaster replication between two master servers. But I have around 20 replicas, should I make all replication agreements also on secon multimaster?
Bye, Alan
On 1.4.2010 15:32, Alan Orlič Belšak wrote:
Hi,
thank you.
Bye, Alan
On 1.4.2010 13:09, Andrey Ivanov wrote:
Hi,
You may take a look at : http://www.redhat.com/docs/manuals/dir-server/8.1/admin/memoryusage.html
Some nice explications of cache structures and design can also be found on the sun (soon oracle) site : http://docs.sun.com/source/817-5220/caching.html
2010/4/1 Alan Orlič Belšak <alan.orlic@zd-lj.si mailto:alan.orlic@zd-lj.si>
One more question, any recommendations about that? How big should be cache, what to do for better performance, etc? Bye, Alan On 1.4.2010 8:59, Alan Orlič Belšak wrote: > Nevermind, found the problem, nsslapd-cachememsize, changed the size of > cache and the process immediately start to work normaly. > > Bye, Alan > > On 1.4.2010 8:05, Alan Orlič Belšak wrote: > >> Hello, >> >> we're using Fedora 1.2.5 with samba 3.5.1 and in the last time on the >> server we're getting unusual activity of ns-slapd process - every few >> seconds it goes from sleep to 100% of cpu time and stays there for a >> few seconds. I have no idea why, our userroot database is only 30 MB >> (1500 users, 1000 computers), we're using LDAP just for that. The only >> thing I changed in the last time is that I added some informations >> like address, office, position etc. Those fields aren't indexed, can >> this be a problem? >> >> Bye, Alan >> > -- > 389 users mailing list > 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi,
I have several servers (most replicas) and on each of the server I'm runing administration console. Is it possible to join those consoles to have main access just from primary server? They're all in same domain.
Bye, Alan
Hi - I had a read of the Redhat documentation on cache sizes and tuning and tried tweaking one of my servers as it was setup with the default. The server is a Fedora 10 box with 4GB of RAM so I decided to setup the cache as:
nsslapd-cachememsize = 3145728000 (3GB) nsslapd-dbcachesize = 3670016000 (3.5GB)
But when I restart I get the message: [01/Apr/2010:13:56:30 +0100] - WARNING -- Possible CONFIGURATION ERROR -- cachesize (2072199168) may be configured to use more than the available physical memory. [01/Apr/2010:13:56:30 +0100] - WARNING---Likely CONFIGURATION ERROR---dbcachesize is configured to use more than the available physical memory, decreased to the largest available size (2072199168 bytes). [01/Apr/2010:13:56:30 +0100] - I'm resizing my cache now...cache was 2072203264 and is now 2072199168
Is there a limit of 2GB on the cache sizes? The server has 4GB memory..
I then put the settings down lower to: nsslapd-cachememsize = 1153433600 (1.1 GB) nsslapd-dbcachesize = 1677721600 (1.6 GB)
I then hit it with some big queries to load up the cache and now I get: [01/Apr/2010:14:34:15 +0100] - libdb: txn_checkpoint: failed to flush the buffer cache: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] - Serious Error---Failed to checkpoint database, err=12 (Cannot allocate memory) [01/Apr/2010:14:34:15 +0100] - libdb: malloc: 3145764: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] - libdb: txn_checkpoint: failed to flush the buffer cache: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] memory allocator - calloc of 8194 elems of 4 bytes failed; OS error 12 (Cannot allocate memory) The server has probably allocated all available virtual memory.
When that happened top was reporting the slapd process only using %40 memory and there is nothing else running on this server.
I was trying to do some tuning as these servers are worked quite hard and the "Entry Cache hits" was showing as 0 - I would of expected some hits even with a smallish cache?
Thanks.
Jim.
jim@scusting.com wrote:
Hi - I had a read of the Redhat documentation on cache sizes and tuning and tried tweaking one of my servers as it was setup with the default. The server is a Fedora 10 box with 4GB of RAM so I decided to setup the cache as:
nsslapd-cachememsize = 3145728000 (3GB) nsslapd-dbcachesize = 3670016000 (3.5GB)
But when I restart I get the message: [01/Apr/2010:13:56:30 +0100] - WARNING -- Possible CONFIGURATION ERROR -- cachesize (2072199168) may be configured to use more than the available physical memory. [01/Apr/2010:13:56:30 +0100] - WARNING---Likely CONFIGURATION ERROR---dbcachesize is configured to use more than the available physical memory, decreased to the largest available size (2072199168 bytes). [01/Apr/2010:13:56:30 +0100] - I'm resizing my cache now...cache was 2072203264 and is now 2072199168
Is there a limit of 2GB on the cache sizes? The server has 4GB memory..
See the documentation for your kernel. Even though you have 4GB of memory, on a 32-bit system, the kernel cannot allocate all of it for user processes.
How big is your database? What is the size of your id2entry.db4 file?
You usually want to have your nsslapd-cachememsize large enough to hold your database in memory, if possible. That gives the most boost to performance. You probably want to leave nsslapd-dbcachesize at the default size - it does not impact performance nearly as much.
I then put the settings down lower to: nsslapd-cachememsize = 1153433600 (1.1 GB) nsslapd-dbcachesize = 1677721600 (1.6 GB)
I then hit it with some big queries to load up the cache and now I get: [01/Apr/2010:14:34:15 +0100] - libdb: txn_checkpoint: failed to flush the buffer cache: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] - Serious Error---Failed to checkpoint database, err=12 (Cannot allocate memory) [01/Apr/2010:14:34:15 +0100] - libdb: malloc: 3145764: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] - libdb: txn_checkpoint: failed to flush the buffer cache: Cannot allocate memory [01/Apr/2010:14:34:15 +0100] memory allocator - calloc of 8194 elems of 4 bytes failed; OS error 12 (Cannot allocate memory) The server has probably allocated all available virtual memory.
When that happened top was reporting the slapd process only using %40 memory and there is nothing else running on this server.
I was trying to do some tuning as these servers are worked quite hard and the "Entry Cache hits" was showing as 0 - I would of expected some hits even with a smallish cache?
Let's first figure out how to size your cache appropriately.
The cache starts out empty, so until it becomes populated with entries, your cache hits will be 0.
Thanks.
Jim.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
See the documentation for your kernel. Even though you have 4GB of memory, on a 32-bit system, the kernel cannot allocate all of it for user processes.
How big is your database? What is the size of your id2entry.db4 file?
You usually want to have your nsslapd-cachememsize large enough to hold your database in memory, if possible. That gives the most boost to performance. You probably want to leave nsslapd-dbcachesize at the default size - it does not impact performance nearly as much.
du -h id2entry.db4 2.3G id2entry.db4
OK - so I need the cachememsize to be > 2.3G - I'll have a read about kernel limitations then - I had thought 32bit = 4Gb.
Thanks.
Jim.
On Thursday 01 April 2010 16:31:17 jim@scusting.com wrote:
... more than the available physical memory, decreased to the largest available size (2072199168 bytes).
on 64bit or 32bit?
Peace, R.
Roberto Polli wrote:
On Thursday 01 April 2010 16:31:17 jim@scusting.com wrote:
... more than the available physical memory, decreased to the largest available size (2072199168 bytes).
on 64bit or 32bit?
Peace, R.
Fedora 10 - 32bit: Linux 2.6.27.25-170.2.72.fc10.i686.PAE #1 SMP Sun Jun 21 18:51:33 EDT 2009 i686 i686 i386 GNU/Linux
Jim.
On Thursday 01 April 2010 16:58:18 jim@scusting.com wrote:
on 64bit or 32bit?
Fedora 10 - 32bit: Linux 2.6.27.25-170.2.72.fc10.i686.PAE #1 SMP Sun Jun 21 18:51:33 EDT 2009 i686 i686 i386 GNU/Linux
so that's it.. ;) see rich answer. on 64bit I got no issues.
Peace, R.
389-users@lists.fedoraproject.org