[Date Prev][Date Next] [Chronological] [Thread] [Top]

Slow adding attributes to attribute-heavy entry

To: openldap-software@OpenLDAP.org
Subject: Slow adding attributes to attribute-heavy entry
From: "Tom Rowlands" <tomr_noip@hotmail.com>
Date: Sun, 18 Jul 2004 21:34:01 +1000

Hi,

Setting up smbldap-tools (smbldap_tools.pm,v 1.36) along with Samba
(3.0.2a) and OpenLDAP (2.1.26) has been great so far. Unfortunately, I
have hit a problem when I try and add lots of users. smbldap-tools
adds a memberUid attribute to an entry per user. For example, I have
the entry cn=Students,ou=Groups,dc=internal for my Students group:

dn: cn=Students,ou=Groups,dc=internal
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Students
gidNumber: 1000
memberUid: rowlat
memberUid: ADAMSR
memberUid: ADAMSS
memberUid: ADHAMB
memberUid: AKBARN
memberUid: ALEERP
...

There are many hundreds of users and they each get an entry in
cn=Students,ou=Groups,dc=internal. Unfortunatly, this seems to slow
OpenLDAP down a /lot/. The only operation that slows down is the
adding of a user to a group with many other users. Querys and other
database writes are still lightening fast. That is, the only OpenLDAP
operation that is slow is adding a new attribute to an entry that
already has many attributes. Is this to be expected? It is visible in
the logs:

Jul 18 19:25:07 localhost slapd[16266]: conn=1836 fd=30 ACCEPT from IP=172.16.0.2:34761 (IP=0.0.0.0:389) Jul 18 19:25:07 localhost slapd[16321]: conn=1836 op=1 BIND dn="cn=smbldap-tools,ou=DSA,dc=internal" method=128 Jul 18 19:25:07 localhost slapd[16321]: conn=1836 op=1 BIND dn="cn=smbldap-tools,ou=DSA,dc=internal" mech=SIMPLE ssf=0 Jul 18 19:25:07 localhost slapd[16321]: conn=1836 op=1 RESULT tag=97 err=0 text= Jul 18 19:25:27 localhost slapd[24807]: conn=1836 op=2 MOD dn="cn=Students,ou=Groups,dc=internal" Jul 18 19:25:27 localhost slapd[24807]: conn=1836 op=2 MOD attr=memberUid ... Jul 18 19:26:28 localhost slapd[24807]: conn=1836 op=2 RESULT tag=103 err=0 text=

An interesting symptom is that when adding a user to a group (and
therefore adding an attribute to an already attribute-heavy entry) the
LDAP server seems to sit completely idle for almost the
duration. Running `time' from the shell shows that while adding the
user took say, one minute `real' (wall) time there was only a few
seconds of user (and far less system) time used.

Finally, if I add many users to a group using an LDIF (rather than one
by one when the user is created with smbldap-useradd) the process
takes far less time per user. For example, adding a single user to a
single group with an LDIF might take one minute, but adding one
hundred (100) users to a group takes one minute thirty.

Can anyone suggest what the problem might be? My indexing is setup
like this:

index      objectClass,uidNumber,gidNumber                  eq
index      cn,sn,uid,displayName                            pres,sub,eq
index      memberUid,mail,givenname                         eq,subinitial
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

cachesize 10000

I'm using a bdb backend and also StartTLS.

Thanks for any pointers in the right direction.

Cheers,

--

Tom Rowlands
<mailto:tom_noip@hotmail.com>
(Sorry, I can't sign this.)

_________________________________________________________________ Play Love Hunt to win a $9000 holiday and find love! http://mobilecentral.ninemsn.com.au/mclovehunt/lovehunt.aspx

Follow-Ups:
- Re: Slow adding attributes to attribute-heavy entry
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: >= (greater or equal) and <= (lower or equal) operators in
Next by Date: Re: Slow adding attributes to attribute-heavy entry
Index(es):
- Chronological
- Thread