On 03/21/2013 02:05 PM, Jeffrey Dunham wrote:
I have run into a bug that is still open several times now causing
large problems in our LDAP Service.
https://fedorahosted.org/389/ticket/346
We have group updates that are very large in size (20k+ records) and
while we're specifically targeting the engineering group responsible,
there is nothing to stop another group from writing bad code and abusing our
service. When the large update occurs during replication of the group
from our master to our search fleet we often miss SLAs on replication
and search latency because the boxes go under such heavy load.
Is there a way on our master servers we can block people from
performing such updates? Either to discard and error on the write or
just drop that traffic altogether. I'm open to any sort of
suggestion this list might have to offer.
You could use nsslapd-maxbersize to reject packets that are larger than
a certain size:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_maxbersize_Maximum_Message_Size
-Jeff
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
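An added example, not part of the original thread: nsslapd-maxbersize limits the size in bytes of an incoming message, so this sketch BER-encodes an LDAP ModifyRequest (RFC 4511) to show how large a 20k-member group update is on the wire compared with a routine one, and emits the LDIF that sets the limit on cn=config. The DNs, the group name and the 256 KiB candidate limit are constructed sample values.

```python
# Added example: sizes the BER encoding of an LDAP ModifyRequest (RFC 4511).
# All DNs, the group name and the limit below are constructed sample values.

def ber_len(n):
    """Definite-length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(tag, value):
    """INTEGER/ENUMERATED for a non-negative value (leading 0x00 keeps it positive)."""
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def modify_request(msg_id, dn, attr, values, op=0):
    """LDAPMessage with one change; op 0=add, 1=delete, 2=replace."""
    vals = tlv(0x31, b"".join(tlv(0x04, v.encode()) for v in values))  # SET OF value
    partial_attr = tlv(0x30, tlv(0x04, attr.encode()) + vals)
    change = tlv(0x30, ber_int(0x0A, op) + partial_attr)
    req = tlv(0x66, tlv(0x04, dn.encode()) + tlv(0x30, change))        # [APPLICATION 6]
    return tlv(0x30, ber_int(0x02, msg_id) + req)

def sample_members(n):
    return [f"uid=user{i:05d},ou=people,dc=example,dc=com" for i in range(n)]

def maxbersize_ldif(limit):
    """LDIF for ldapmodify that sets the limit (in bytes) on cn=config."""
    return ("dn: cn=config\nchangetype: modify\n"
            "replace: nsslapd-maxbersize\n"
            f"nsslapd-maxbersize: {limit}\n")

GROUP = "cn=engineering,ou=groups,dc=example,dc=com"  # constructed

def wire_size(n_members):
    return len(modify_request(1, GROUP, "member", sample_members(n_members)))

if __name__ == "__main__":
    limit = 256 * 1024  # constructed candidate limit
    for n in (50, 1000, 20000):
        size = wire_size(n)
        verdict = "over limit" if size > limit else "within limit"
        print(f"{n:>6} members: {size:>8} bytes  {verdict}")
    print(maxbersize_ldif(limit))
```

The limit applies to every incoming message, so choose a value above the largest legitimate write the directory is expected to accept.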