Environment
Novell eDirectory 8.8.x for All Platforms
Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 1 (OES 1) Linux Support Pack 1
Novell Open Enterprise Server 1 (OES 1) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 1 (OES 1) Linux Support Pack 1
Novell Open Enterprise Server 1 (OES 1) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Situation
This problem can occur on heavily used LDAP and eDirectory servers:
NLDAP servers may suffer with:
NLDAP servers may suffer with:
- high utilization
- high nds thread counts
- high memory consumption
- server busy packets
- etc.
Resolution
By default, and OES server's LUM is configured to use persistent
search. This can cause very high volumes of ldap traffic to
be fired off at the target eDirectory server.
Edit the /etc/nam.conf
Change
persistent-search=Yes
to
persistent-search=no
Then at the server console, restart the following services for the settings to take effect, and to clean up any possibly defunct threads, such as in owcimomd.
rcndsd restart
rcnamcd restart
rcnscd restart
rcowcimomd restart
This will stop the excessive ldap traffic.
***Note****
You can also disable Persistent Searches on the ldap server object, then restart the above services Any service trying to use a persistent connection will fail with a error 80 message. This will make it easier to identify the problem LUM servers.
Edit the /etc/nam.conf
Change
persistent-search=Yes
to
persistent-search=no
Then at the server console, restart the following services for the settings to take effect, and to clean up any possibly defunct threads, such as in owcimomd.
rcndsd restart
rcnamcd restart
rcnscd restart
rcowcimomd restart
This will stop the excessive ldap traffic.
***Note****
You can also disable Persistent Searches on the ldap server object, then restart the above services Any service trying to use a persistent connection will fail with a error 80 message. This will make it easier to identify the problem LUM servers.
Additional Information
Note: By setting persistent-search to no, this causes LUM changes to happen more slowly, which can be a security concern. For example, if you remove an admin from a LUM group, it would take at least 28800 seconds for the admin to be removed. You can offset that by also changing the following in the nam.conf. The following has been verified by Novell NTS and should have no adverse effects:
persistent-cache-refresh-period=3600
(The default setting for this 28800 seconds. 3600 is reasonable value to try)
persistent-cache-refresh-flag=accessed
(The default setting for this all)
Note: If the servers in question are part of a cluster, use the following procedures to stop the services, make the changes, and then restart the services:
1. If a member of a cluster, migrate resources off; cluster leave; rcnovell-ncs stop
2. rcowcimomd stop
3. rcnscd stop
4. rcnamcd stop
5. rcndsd restart
6. rcnamcd start
7. rcnscd start
8. rcowcimomd start
9. rcnovell-ncs start, migrate appropriate resources back
persistent-cache-refresh-period=3600
(The default setting for this 28800 seconds. 3600 is reasonable value to try)
persistent-cache-refresh-flag=accessed
(The default setting for this all)
Note: If the servers in question are part of a cluster, use the following procedures to stop the services, make the changes, and then restart the services:
1. If a member of a cluster, migrate resources off; cluster leave; rcnovell-ncs stop
2. rcowcimomd stop
3. rcnscd stop
4. rcnamcd stop
5. rcndsd restart
6. rcnamcd start
7. rcnscd start
8. rcowcimomd start
9. rcnovell-ncs start, migrate appropriate resources back