[Fedora-directory-devel] aci cache overflown problem - suggested patch for acl.h
Audun Røe
audun.roe at kantega.no
Tue Mar 31 14:56:10 UTC 2009
Hey,
We're in the process of replacing an old Sun Directory Server 5.2 deployment. In our preliminary tests using FDS 1.1.0 (this was back in Q2 2008 or so), we saw lots of "aci cache overflown" messages in the log for some users, and performance would basically drop to unacceptable levels. I previously posted about the issue to the user-list in early May 2008, though in retrospect the mail probably should've gone here. It's archived at http://www.mailinglistarchive.com/fedora-directory-users@redhat.com/msg02612.html if anyone's interested)
Anyway, searching the cvs tree for the log message and bumping ACLPB_MAX_SELECTED_ACLS from 200 to 2000 just happened to solve our problem. The change was made as a long-shot in the dark without any insight into the code-base, i.e. we don't really have any broad understanding of how and where it's used. It just seemingly works. During our testing, we have not seen side-effects though we don't really have any experience with the unmodified server. It just wasn't usable for us with the legacy ldap-structure we have.
I've attached a patch for the one-line change we made, based on the source RPM for fds-base-1.1.3. What are your thoughts on including this in future revisions? If the patch is unacceptable, would you be more prepared to accept a contribution making this configurable from dse.ldif? Assuming neither option is acceptable and the current value of 200 is locked, I would very much like to hear the reasoning, as obviously, even if things seem to work, the apparent shortage of other people bumping into this problem is slightly worrying (our directory has upwards of 1500 aci attrs - count made with a quick grep -c "aci:" on an ldif exported from the old Sun ldap).
--
Audun Røe
mail: audun.roe at kantega.no
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20090331/9a3746b9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aclpb_max_selected_acls.patch
Type: application/octet-stream
Size: 639 bytes
Desc: aclpb_max_selected_acls.patch
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20090331/9a3746b9/attachment.obj>
More information about the Fedora-directory-devel
mailing list