Re: Centralized LDAP Authentication or Kerberos+LDAP Authentication

[Tony Earnshaw <tonye@billy.demon.nl>]

man, 23.08.2004 kl. 01.34 skrev Rich Graves:

[...]
> > Please read RedHat's /etc/rc.d/init.d/functions yet again and look for
> > the function 'killproc'.
> 
> Yes. Upon rereading, it's not as bad as I thought, but still has a 
> potential problem.
> 
> It allows 5 seconds for TERM to work and then runs KILL.

Agree that's a bit short for some utilities.

> "Corruption" is an exaggeration. The behavior I was seeing before changing
> the "killproc" line to "killall -w -HUP slapd; killproc slapd" is that
> db_recover was required and when run would rolled back the last few
> transactions with each server restart.

I'm running 2.2.15, also at client sites. I started OL with ~2.1.6, and
with every version previous to ~2.2.13 I always had corruption problems
on frequent shutdowns, but that's history now :)

> It's possible I have something else wrong, so here is
> 
> DB_CONFIG:
> set_cachesize 0 209715200 0
> set_lg_regionmax        131072
> set_lg_bsize            2097152

The above looks o.k. and the values are almost what I use for 1-2GB RAM
and around 1100 users plus comprehensive indexing - but each config is
highly individual.

> set_lg_dir              /var/lib/ldap/bdb-logs

Putting logs elsewhere than in the data directory has always led to
tears, so I don't do that any more.

> slapd.conf:
> database        bdb
> directory       /var/lib/ldap
> checkpoint 1024 5
> cachesize 10000

O.k.

> idlcachesize 20000

Bit large?

> replogfile     /var/lib/ldap/slave.replog
> replica-pidfile /var/run/openldap/slurpd.pid
> replica-argsfile /var/run/openldap/slurpd.args
> replica uri=ldap://[snipped]

--Tonni

-- 
My other notebook, a Compaq 700EA, is what my cats jump off my knee and
go and sit on, when they've had enough.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl