On 28.07.20 03:57, William Brown wrote:
On 28 Jul 2020, at 08:11, Winstanley, Anthony <winstan@xxxxxxxxx> wrote:
Hello,
We’ve got a large 389ds installation and have run into issues with ACIs not always behaving as expected. Where an ACI working on one node is not doing anything at all on a replicated node. Sometimes reducing the number of ACIs fixes the issue. Sometimes restarting a node fixes it. I have not found anything in an error log that has given me any pointers as to what the problem(s) might be.
So my questions:
Are there config attributes that control the working of ACIs? What are they and how should they be used?
Are there any limitations for the number and size of ACIs per 389ds instance or database?
No there are no limits I am aware of.
There is a limit of selected acis: aclpb_max_selected_acls
It is using the default of
#define DEFAULT_ACLPB_MAX_SELECTED_ACLS 200
or the value from "nsslapd-aclpb-max-selected-acls"
Is there any best practices for troubleshooting ACI issues (like where some work on one server but not another)? Am I missing a log file somewhere?
Is there any documentation to consult specific to ACI operation? (Beyond syntax…) Source code even?
To really answer this and help you we need to know:
* What distro you are running
* What version of 389-ds (`rpm -qa | grep -i 389` for example)
* How many ACI's you have in your database (ldapsearch -H ldaps://... -x -b 'your dn' -D 'cn=Directory Manager' -w (aci=*) aci ). Please confirm this on all servers in the replication topology.
* An example of the ACI that is failing on one server but works on the other, and sample entries about what they are trying to access or achieve
Thanks,
Thanks,
Anthony Winstanley
The University of British Columbia
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
