[Date Prev][Date Next]
Re: OpenLDAP performance tuning and scalability
>I finally got OpenLDAP authentication to work under RedHat Linux 7.2
>(with all the updates).... Unfortunately, during the auth process my
>cpu utilization goes through the roof on my dual PIII 933 test box
>(with 1Gb of RAM and 397 Gb of Diskspace - mostly on /home)... I see 3
>slapd processes that utilize over 89% on one CPU and 79% on the other
>(combined) during the auth and then it calms down.... and the auth
>takes almost 15 seconds!
You may need to diddle with sysctl settings. RH boxes (IMHO) don't
default to real server-like settings. see -
Do you have an index on objectclass, uid, uidNumber, gidNumber, gid, and
Try rebuilding your indexes with slapindex
I am growing a performance tuning section in my LDAP presentation -
>I can't have this.... I need to move away from a flat file user system
>(I have 25K+ users right now) and move to a centralized auth that can
>handle the pop3, ftp, ssh, and postscript auth requests without killing
>the system..... and OpenLDAP seems to be the only route to go to since
>there are a boatload of nice migration and maintenance/management
>utilities. I've since removed OpenLDAP and installed IBM's SecureWay
>LDAP Server but it doesn't have the object classes and attributes built
>in that OpenLDAP does.....
Try increasing your dbcachesize?
Do you have the LDAP db in it's own filesystem? If it is ext3 try
setting data=journal. OpenLDAP fsync()s alot and that can REALLY help.
Also try moving the journal to a driver other than the one the actual db
Set noatime on the db filesystem
>I used the RPM's to install OpenLDAP.... are there any tuning parameters
>that I can use to speed things up a bit? If I compile the source, are
>there any compile-time options that would help this out? I really love
>OpenLDAP's simplicity of install and configuration - but I'm growing
>user accounts like crazy and I need to be able to authenticate a
>boatload of them simultaneously, constantly, and quickly without
>driving my processors into the red.
You need LOTS of simultaneous connections, what is your "threads"
>Also, (as if this weren't enough), I was curious if there is anything out
>there that could read in an existing LDAP directory and create home
>directories based on the users found..... I don't want any entries
>created in /etc/passwd or /etc/group.... just the creation of the home
You want pam_mkhomedir