Slow login, slow LDAP and slow eDirectory synchronization

  • 3821527
  • 25-Mar-2008
  • 27-Apr-2012

Environment

Novell eDirectory 8.7.3.9 for All Platforms
Novell eDirectory 8.7.3.10 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell GroupWise 7
Novell NetWare 6.5 Support Pack 6
Novell Open Enterprise Server 2 (OES 2)

NDS Synchronization defined for multiple GroupWise MTAs
More than 1000 Inherited ACLs on the OU object of every partition

Situation

Users are experiencing slow login.
Utilization on the server holding the replica is high.
LDAP performance is slow.
Synchronization of changes, deletions and newly created objects in eDirectory is slow.

Resolution

There are many possible causes of this issue. This TID describes only one possible cause.

Use iManager or ConsoleOne to check how many MTAs are trustees of the root object. Every MTA that is a member of the trustee list creates between 40 and 50 inherited ACL entries, which are synchronized to all OUs that are partition roots. Only 1 MTA is needed to perform the NDS Synchronization in GroupWise. The preferred domain for this is the primary domain.

To remove unneeded MTAs, simply delete them from the trustee list of the ROOT. This change will be synchronized to all other partitions and will remove the unneeded ACLs.

You can also use iMonitor to check how many inherited ACLs are on a partition root. When you are logged in to iMonitor, select an OU that is a partition root. In the left pane, select Entry Information. In the left panel under Attributes you will find Inherited ACLs. When you click on this, all Inherited ACLs are displayed. You will also see a count.