The problem was originally described here: http://lists.fedoraproject.org/pipermail/389-devel/2009-March/001020.html
Shorter description: we noticed that some queries (ldapsearch) to our directory caused a drop in performance, and our log file was filled with the following message:
acl_TestRights - cache overflown
We also noticed that increasing the value ACLPB_MAX_SELECTED_ACLS from 200 to 2000 solved the problem for us. A more permanent solution could be to make this value configurable.
We have made a patch that seems to solve the problem, as far as we have tested. I will upload it as soon as it is ready for review.
attachment 0001-Ticket-3-acl-cache-overflown-problem.patch
To ssh://git.fedorahosted.org/git/389/ds.git 62e93bc..0070a45 master -> master commit changeset:0070a45/389-ds-base Author: nturpin nadia.rincon.turpin@kantega.no Date: Tue Dec 27 21:31:53 2011 +0100
Ticket #3: acl cache overflown problem Fix Description: We have made ACLPB_MAX_SELECTED_ACLS and ACLPB_MAX_CACHE_RE
SULTS configurable. Their default value is still 200 (same as before). To modify this value, you can add or modify the attribute "nsslapd-aclpb-max-selected-acls" in the ACL plugin config entry "cn=ACL Plugin,cn=plugins,cn=config".
- The constants were replaced with variables (same name in lower case) - On init: the variables are initialized with the value contained in the
mentioned attribute, if it exists in config. Otherwise they are set to the defau lt value. - The arrays that depend on these values are now dynamically allocated - On init: acl__malloc_aclpb ( ) - On pre-operation: acl_conn_ext_constructor ( ... ) - The memory is freed: - On shutdown: acl_destroy_aclpb_pool() - On post-operation: acl_conn_ext_destructor ( ... ) - I also free the space for aclQueue in acl_destroy_aclpb_pool(), since it seems it is not done anywhere.
Platforms tested: Fedora 16, RHEL6 Reviewed by: rmeggins (and changed name of attribute slightly)
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=772778
Added initial screened field value.
Metadata Update from @nturpin: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.10
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.