On Tue, 2024-12-31 at 09:39 +0200, Alexander Bokovoy via FreeIPA-users wrote: > > The sequence above is doing LDAP+startTLS and then does simple LDAP > bind > as an admin user account. > > Nothing in FreeIPA would be using 'admin' user account to talk to > LDAP > directly over LDAP+startTLS. It looks like a third-party tool > configured > to connect to LDAP with admin's DN.
OK. I will try to hunt it down. I have an idea… > What I see here and in searches below is something probing an entry > with > each individual attribute in a separate LDAP search, making it a > waste > of resources. > > FreeIPA does not use primaryGroupID attribute in its schema. Whoever > is > asking for it, it is Active Directory oriented. But why would *searches* cause such a constant and heavy *write* load? Surely that would be heavy *read* load wouldn't it? Is it possible that the high write load is unrelated to these searches? The size of the database file is also concerning. Per my original message, /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb/1e5e4f8c-82ed11ec- 88b1dfba-ae19c7b5_61e5b9dd000000040000.db has grown from 121,634,816 bytes on Aug 27 2022 to 1,105,944,576 on Dec 12 2024. That's a 10x increase in just over a year, on a very small installation! Is that growth trend normal? Is it unrelated to the high write I/O that is going on here? Maybe approaching this problem from the database growth might shed more light on why dirsrv is writing so much? FWIW, I have database files pretty much daily for the last 30 days, and weekly for the 12 weeks prior to that and monthly for the 12 months prior to that, so we should be able to do some analysis about what is making that database grow over time. Cheers, b.
signature.asc
Description: This is a digitally signed message part
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
