[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Watch your LDAP locks

To: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Subject: Watch your LDAP locks
From: Steve Hillman <hillman@sfu.ca>
Date: Fri, 1 Aug 2008 13:45:14 -0700 (PDT)

Hi folks,
This list has been pretty quiet lately, so I thought I'd share a little nugget of info we came upon this week.

If you have a fairly large LDAP directory, or large objects (e.g. distribution lists with lots of members), you may encounter lock issues with Zimbra's LDAP directory. The default settings allow for 3000 locks and 1500 locked objects. While I'm not clear on exactly how this relates to the size of the objects in the directory, it's something worth watching if you're of any size.

We encountered LDAP lock errors this week when trying to restore a user's data. It was failing to add the user to our "all-employees" distribution list. You can find out how many locks you're allowed, and how many is the maximum your LDAP server has ever used, by becoming the zimbra user, then "cd /opt/zimbra/openldap-data" and "db_stat -c". Ours showed that we'd hit the limit at least once before (compare the "maximum locks" numbers to the "maximum locks..possible" numbers). I modified DB_CONFIG (in that same directory) to triple the limits then restarted ldap. A few minutes later I ran the db_stat command again and we'd already used more locks than the previous limit had been set to, so we're not sure what other things may have been failing in the past. In any case, once the lock limit was raised, our restore succeeded.

--
Steve Hillman IT Architect
hillman@sfu.ca IT Infrastructure
778-782-3960 Simon Fraser University

Follow-Ups:
- Re: Watch your LDAP locks
  - From: Tom Golson <tgolson@tamu.edu>
- Re: Watch your LDAP locks
  - From: Lalit Jairath <ljairath@uoguelph.ca>

Prev by Date: Shibboleth 2.0?
Next by Date: Re: Watch your LDAP locks
Previous by thread: Shibboleth 2.0?
Next by thread: Re: Watch your LDAP locks
Index(es):
- Date
- Thread