#3 acl cache overflown problem
Closed: wontfix None Opened 10 years ago by nturpin.

The problem was originally described here: http://lists.fedoraproject.org/pipermail/389-devel/2009-March/001020.html

Shorter description: we noticed that some queries (ldapsearch) to our directory caused a drop in performance, and our log file was filled with the following message:

acl_TestRights - cache overflown

We also noticed that increasing the value ACLPB_MAX_SELECTED_ACLS from 200 to 2000 solved the problem for us. A more permanent solution could be to make this value configurable.

We have made a patch that seems to solve the problem, as far as we have tested. I will upload it as soon as it is ready for review.

To ssh://git.fedorahosted.org/git/389/ds.git
62e93bc..0070a45 master -> master
commit changeset:0070a45/389-ds-base
Author: nturpin nadia.rincon.turpin@kantega.no
Date: Tue Dec 27 21:31:53 2011 +0100

Ticket #3: acl cache overflown problem

Fix Description: We have made ACLPB_MAX_SELECTED_ACLS and ACLPB_MAX_CACHE_RE

SULTS configurable.
Their default value is still 200 (same as before). To modify this value,
you can add or
modify the attribute "nsslapd-aclpb-max-selected-acls" in the ACL plugin
config entry "cn=ACL Plugin,cn=plugins,cn=config".

    - The constants were replaced with variables (same name in lower case)
    - On init: the variables are initialized with the value contained in the

attribute, if it exists in config. Otherwise they are set to the defau
lt value.
- The arrays that depend on these values are now dynamically allocated
- On init: acl__malloc_aclpb ( )
- On pre-operation: acl_conn_ext_constructor ( ... )
- The memory is freed:
- On shutdown: acl_destroy_aclpb_pool()
- On post-operation: acl_conn_ext_destructor ( ... )
- I also free the space for aclQueue in acl_destroy_aclpb_pool(), since
it seems
it is not done anywhere.

Platforms tested: Fedora 16, RHEL6
Reviewed by: rmeggins (and changed name of attribute slightly)

Added initial screened field value.

Metadata Update from @nturpin:
- Issue assigned to rmeggins
- Issue set to the milestone: 1.2.10

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/3

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 years ago

Login to comment on this ticket.