Alexander,
Can you define "hard to handle"? What version of Dogtag are you using? Are you
running into performance degradation? Unfortunately, it likely won't be too easy to
segregate this data. In Dogtag 10.2 there should be a scheduled job that regularly runs
through and removes all expired certs:
jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
Thanks in advance.
-- Dave
----- Original Message -----
From: "Alexander Jung" <alexander.w.jung(a)gmail.com>
To: "pki-users(a)redhat.com" <Pki-users(a)redhat.com>
Sent: Thursday, July 9, 2015 7:44:17 AM
Subject: [Pki-users] partition dogtag data in the ldap server?
Hi,
we have a rather large dogtag install here and the ldap-info is getting hard
to handle (right now in the ~75Gb range).
Are there any recommended ways to partition the data? I am thinking of
migrating all expired and revoked certificates to a chained ldap-instance
and keeping only the "valid" certificates data in direct access to the CA
instances.
The migration from the "valid" partition to the "expired" partition will have
to be done outside of dogtag and the 389ds-ldaps, probably by a script at
night (it probably could be integrated into the expire runs the dogtag does,
although).
Has a thing like this been done yet? What were the experiences? What should I
look out for?
Kind regards,
Alexander Jung
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users