On 01/14/2010 02:00 AM, Fazli wrote: > Hi, > > I'm currently making use of the DNA plugin to assign unique values for > the 'uidNumber' attribute for new POSIX users, which (from what I > understand) is the 'ideal' configuration in a large, corporate > environment. > > I decided to run a stress test by adding about twenty thousand users > via the ldapadd command. After about the 3995th user, the server > returned the following error for the 3996th: > > adding new entry "uid=test3996,ou=People,dc=example,dc=com > ldapadd: Operation error (1) > additional info: Allocation of a new value for uidNumber failed! > Unable to proceed. > > I attempted to add the 3996th user myself through the 389 DS > Management Console, and it returned the following error: > > Cannot save to directory server: > netscape.ldap.LDAPException: error result (1); Allocation of a new > value for uidNumber failed! Unable to proceed.; Operations error You need to index the uidNumber attribute. The DNA plug-in does an internal search using the server-side sort control to check if the next supposed free value has already been used. This requires the attribute to be indexed for it to work properly once you pass a threshold number of matches (the nsslapd-idlistscanlimit setting, which is 4000 by default). Since the values being sorted are integers, you should also be using the integerOrdering match matching rule when you define the index. Here's an example of the index configuration entry that you would need: dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=config objectclass: top objectclass: nsIndex cn: uidnumber nsSystemIndex: false nsIndexType: eq nsMatchingRule: integerOrderingMatch Please see this chapter from the Red Hat Directory Server Administration Guide for details about creating indexes: http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Indexes.html > > These are my current DNA settings: > > dn: cn=Account UIDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config > cn: Account UIDs > dnafilter: (objectClass=posixAccount) > dnamagicregen: 0 > dnamaxvalue: -1 > dnanextvalue: 13003 > dnarangerequesttimeout: 60 > dnascope: dc=nsn,dc=com,dc=sg > dnasharedcfgdn: cn=Account UIDs,ou=Ranges,dc=nsn,dc=com,dc=sg > dnathreshold: 1 > dnatype: uidNumber > objectClass: top > objectClass: extensibleObject > > I find that if I delete the 3995th user, and set the 'dnanextvalue' > attribute of the DNA configuration entry to '13002', the plugin > doesn't throw the above exception. It just doesn't seem to be able to > assign the 13003th uidNumber. > > I've also tried restarting the server, as well as updating the > libraries from the repositories, with the same results. > > I'm running 389 DS on CentOS, kernel version 2.6.18-164.6.1.el5, if it > helps. > > Regards, > Fazli > > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100114/4d56b0dc/attachment.html
