Hey,

We're in the process of replacing an old Sun Directory Server 5.2 deployment. In our preliminary tests using FDS 1.1.0 (this was back in Q2 2008 or so), we saw lots of "aci cache overflown" messages in the log for some users, and performance would basically drop to unacceptable levels. (I previously posted about the issue to the user-list in early May 2008, though in retrospect the mail probably should've gone here. It's archived at http://www.mailinglistarchive.com/fedora-directory-users@xxxxxxxxxx/msg02612.html if anyone's interested.)

Anyway, searching the cvs tree for the log message and bumping ACLPB_MAX_SELECTED_ACLS from 200 to 2000 just happened to solve our problem. The change was made as a long-shot in the dark without any insight into the code-base, i.e. we don't really have any broad understanding of how and where it's used. It just seemingly works. During our testing, we have not seen side-effects, though we don't really have any experience with the unmodified server. It just wasn't usable for us with the legacy ldap-structure we have.

I've attached a patch for the one-line change we made, based on the source RPM for fds-base-1.1.3. What are your thoughts on including this in future revisions? If the patch is unacceptable, would you be more prepared to accept a contribution making this configurable from dse.ldif?

Assuming neither option is acceptable and the current value of 200 is locked, I would very much like to hear the reasoning, as obviously, even if things seem to work, the apparent shortage of other people bumping into this problem is slightly worrying (our directory has upwards of 1500 aci attrs - count made with a quick grep -c "aci:" on an ldif exported from the old Sun ldap).

--
Audun Røe
mail: audun.roe@xxxxxxxxxx

Attachment: aclpb_max_selected_acls.patch
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel