Before recompiling etc., I would start with the FAQ entry on Performance Tuning http://www.openldap.org/faq/data/cache/190.html
For example, figure out what operations the auth process performs, and add indexes to support those operations in particular.
As for scalability, I doubt that a mere 25K of users doing read operations will overload your hardware. Writes and complex searches are another matter. And what about availability -- what are you going to do if that server fails?
From: Denny Snyder [mailto:DSnyder@suscom.com]
Sent: Friday, April 05, 2002 12:35 PM
Subject: OpenLDAP performance tuning and scalability
I finally got OpenLDAP authentication to work under RedHat Linux 7.2 (with all the updates).... Unfortunately, during the auth process my cpu utilization goes through the roof on my dual PIII 933 test box (with 1Gb of RAM and 397 Gb of Diskspace - mostly on /home)... I see 3 slapd processes that utilize over 89% on one CPU and 79% on the other (combined) during the auth and then it calms down.... and the auth takes almost 15 seconds!
I can't have this.... I need to move away from a flat file user system (I have 25K+ users right now) and move to a centralized auth that can handle the pop3, ftp, ssh, and postscript auth requests without killing the system..... and OpenLDAP seems to be the only route to go to since there are a boatload of nice migration and maintenance/management utilities. I've since removed OpenLDAP and installed IBM's SecureWay LDAP Server but it doesn't have the object classes and attributes built in that OpenLDAP does.....
I used the RPM's to install OpenLDAP.... are there any tuning parameters that I can use to speed things up a bit? If I compile the source, are there any compile-time options that would help this out? I really love OpenLDAP's simplicity of install and configuration - but I'm growing user accounts like crazy and I need to be able to authenticate a boatload of them simultaneously, constantly, and quickly without driving my processors into the red.
Also, (as if this weren't enough), I was curious if there is anything out there that could read in an existing LDAP directory and create home directories based on the users found..... I don't want any entries created in /etc/passwd or /etc/group.... just the creation of the home directories.... My reason is that I have 3 servers.... 1 is my main POP3 server (Quad PIII Xeon, 2Gb RAM, 700+Gb storage on /var using mbox mail storage) running QPopper and Postfix (incoming from a mail relay only), another is running Postfix for my SMTP-Relay host, and the third is going to be my user webspace server... The user webspace server needs the home directories in order for my User_Dir setup to work.... Right now all the users exist in flat files on the POP server.... All are running RedHat 7.2 with all updates.
Sorry this is so long winded.... I would really LOVE to use OpenLDAP but only if it can be tuned for high performance and scalability.....
Thanks for any advice in advance!
1050 E. King St
York, PA 17403
"Nothing in life is worse than SPAM.... well.... maybe cold coffee! (or Lutefisk?)" ;)
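One way to act on the reply's advice (find out which operations the auth process performs, then index for them), as an added example that is not part of the original thread: it reads slapd stats-level (`loglevel 256`) log lines and derives `index` directives for slapd.conf from the search filters it sees. The log lines, host name and DNs are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of slapd stats log lines (loglevel 256); not from the thread.
SAMPLE_LOG = '''\
Apr  5 12:30:01 ldap1 slapd[812]: conn=14 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)"
Apr  5 12:30:01 ldap1 slapd[812]: conn=14 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=jdoe))"
Apr  5 12:30:02 ldap1 slapd[812]: conn=15 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
Apr  5 12:30:03 ldap1 slapd[812]: conn=16 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(mail=jd*)"
Apr  5 12:30:04 ldap1 slapd[812]: conn=17 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=asmith)(shadowExpire=*))"
Apr  5 12:30:04 ldap1 slapd[812]: conn=17 op=2 BIND dn="uid=asmith,ou=People,dc=example,dc=com" method=128
'''

FILTER_RE = re.compile(r'SRCH .*filter="(.*)"')
# One simple filter item, (attr=value). Ordering (>=, <=) and approximate (~=)
# items do not match this pattern and are ignored.
ITEM_RE = re.compile(r'\(([A-Za-z][A-Za-z0-9;-]*)=([^()]*)\)')


def index_types(log_text):
    """Return ({attr: set of index types}, Counter of filter uses per attr)."""
    types, uses = defaultdict(set), Counter()
    for line in log_text.splitlines():
        m = FILTER_RE.search(line)
        if not m:
            continue  # BIND, UNBIND, RESULT lines carry no filter
        for attr, value in ITEM_RE.findall(m.group(1)):
            attr = attr.lower()  # attribute names are case-insensitive
            uses[attr] += 1
            if value == "*":
                types[attr].add("pres")   # presence test: (attr=*)
            elif "*" in value:
                types[attr].add("sub")    # substring match: (attr=jd*)
            else:
                types[attr].add("eq")     # equality match: (attr=value)
    return types, uses


def index_directives(log_text):
    """Build slapd.conf index lines, most frequently searched attribute first."""
    types, uses = index_types(log_text)
    order = ["pres", "eq", "sub"]
    return ["index %s %s" % (attr, ",".join(t for t in order if t in types[attr]))
            for attr, _ in uses.most_common()]


if __name__ == "__main__":
    print("\n".join(index_directives(SAMPLE_LOG)))
```

Existing entries are not covered by a newly added `index` line until the database is reindexed, for example with `slapindex` while slapd is stopped.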