[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: dynamic group perfs
Am Tue, 07 May 2013 09:36:45 +0400
schrieb Jephte Clain <jephte.clain@univ-reunion.fr>:
> hello all,
>
> I have a weird perf problem with a dynamic group. I wonder if it is
> normal, and if I can improve the situation. jump to the line marked
> "-------------> for the impatients, JUMP HERE :-)" if you want to
> skip the details
>
> This is openldap 2.4.35 on debian 6 (built from source with debian
> defaults and patches)
>
> here the relevant configuration:
> ------------ 8< ------------
> dn: cn=module{0},cn=config
> ...
> olcModuleLoad: {4}dynlist.la
>
> dn: olcDatabase={2}hdb,cn=config
> ...
> olcDbCacheSize: 4096
> olcDbCheckpoint: 1024 10
> olcDbConfig: {0}set_cachesize 2 0 0
> olcDbConfig: {1}set_lk_max_objects 32768
> olcDbConfig: {2}set_lk_max_locks 32768
> olcDbConfig: {3}set_lk_max_lockers 1500
> olcDbConfig: {4}set_lg_dir /var/lib/ldap/logs/dc=univ-reunion,dc=fr
> olcDbConfig: {5}set_lg_regionmax 262144
> olcDbConfig: {6}set_lg_bsize 524288
> olcDbIDLcacheSize: 12288
>
> dn: olcOverlay={2}dynlist,olcDatabase={2}hdb,cn=config
> ...
> olcDlAttrSet: {0}groupOfURLs memberURL member
> ------------ 8< ------------
>
> and the definition of the dynamic group:
> ------------ 8< ------------
> dn: cn=users,ou=groups,ou=eduspot,dc=univ-reunion,dc=fr
> objectClass: groupOfURLs
> memberURL: ldap:///ou=users,ou=cas,dc=univ-reunion,dc=fr??one?(uid=*)
> memberURL:
> ldap:///ou=webaccounts,dc=univ-reunion,dc=fr??one?(&(uid=*)(runUnivCategorie=inconnu)(!(runUnivAuthorization=webaccounts:disabled)))
> ------------ 8< ------------
> this result in a dynamic group with 45000 members
>
> I dont know how the final application will use the dynamic group, but
> I did some tests on my own.
> now for the perf tests:
>
> $ time ldapsearch -LLL -H "ldap://localhost"; -x -D
> cn=admin,dc=univ-reunion,dc=fr -wadmin -b
> ou=users,ou=cas,dc=univ-reunion,dc=fr "(uid=*)" dn >/dev/null
> real 0m1.025s
> user 0m0.096s
> sys 0m0.196s
>
> $ time ldapsearch -LLL -H "ldap://localhost"; -x -D
> cn=admin,dc=univ-reunion,dc=fr -wadmin -b
> ou=webaccounts,dc=univ-reunion,dc=fr
> "(&(uid=*)(runUnivCategorie=inconnu)(!(runUnivAuthorization=webaccounts:disabled)))"
> dn >/dev/null
> real 0m0.043s
> user 0m0.004s
> sys 0m0.004s
>
> $ time ldapsearch -LLL -H "ldap://localhost"; -x -D
> cn=admin,dc=univ-reunion,dc=fr -wadmin -b
> ou=groups,ou=eduspot,dc=univ-reunion,dc=fr "(cn=users)" member
> >/dev/null real 0m34.334s
> user 0m0.024s
> sys 0m0.000s
>
> -------------> for the impatients, JUMP HERE :-)
>
> It needs more than 30 seconds to build the dynamic group! and this is
> the case every time I do the search
>
> For the sake of it, I made a static group with 45000 member, and it
> takes 0.037 seconds for the search
>
> So my question is: is it normal for the dynamic group to be so slow
> to be built? is there something I can do?
>
> thanks in advance for your answers! best regards,
No, it is not normal. You probabely should search the base only and not
a subtree. The result of some 30.000 entries:
ldapsearch -x -H ldap://myhost -b cn=myDynamicGroup,o=avci,c=de -s base
"(objectClass=*)" member > /dev/null
real 0m0.300s
user 0m0.007s
sys 0m0.003s
-Dieter
--
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E