[Date Prev][Date Next] [Chronological] [Thread] [Top]

Privileged connections in back-ldap/back-meta

I'm facing the problem of having too many threads operating on the same privileged connections in back-ldap/back-meta, which seems to cause poor scalability. This mainly occurs because we want all operations to be performed as a privileged identity with proxyAuthz. For this purpose I plan to move privileged connections out of the connection AVL tree into ldapinfo_t, so that we save a search in the tree, and keep multiple instances of privileged connections in a LDAP_TAILQ structure of fixed maximum length to use them round-robin. Each type of privileged connection uses a dedicated list, so in our case we basically keep two lists: one for the privileged user and one for binds, which are now serialized into one privileged connection since all subsequent operations use proxyAuthz. A prototype is being tested, which doesn't work too bad (scalability did not dramatically improve yet, so there might be other bottlenecks, but at least some repeatable transient hangs disappeared). Comments?


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it