[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP performance tuning and scalability

Thanks for the info....  I've given the IBM SecureWay LDAP server the boot.....  way too much schema and ObjectClass modifications needed.....  and I'm too much of an LDAP newbie to get far with that.....

I never did specify any indexes in the config file nor created any indexes.....  (duh on my part.....)

I do plan on replicating to another server once everything is working like it should.....


Thanks again!!!

Denny Snyder
Network Engineer
Susquehanna Communications
1050 E. King St
York, PA 17403
Office: (717)771-2613
Fax:    (717)843-5400
dsnyder@suscom.com
postmaster@suscom.net
"Nothing in life is worse than SPAM....  well.... maybe cold coffee! (or Lutefisk?)"  ;)

>>> "Oberwetter, josh" <joberwetter@grownetwork.com> 04/05/02 12:50PM >>>
Before recompiling etc, I would start with the FAQ entry on Performance
Tuning http://www.openldap.org/faq/data/cache/190.html 
For examnple, figure out what operations the auth process performs, and add
indexes to support those operations in particular.

As for scalability, I doubt that a mere 25K of users doing read operations
will overload your hardware. Writes and complex searches are another matter.
And what about availability -- what are you going to do if that server
fails?

-----Original Message-----
From: Denny Snyder [mailto:DSnyder@suscom.com] 
Sent: Friday, April 05, 2002 12:35 PM
To: openldap-software@OpenLDAP.org 
Subject: OpenLDAP performance tuning and scalability


Hello all,

I finally got OpenLDAP authentication to work under RedHat Linux 7.2 (with
all the updates)....  Unfortunately, during the auth process my cpu
utilization goes through the roof on my dual PIII 933 test box (with 1Gb of
RAM and 397 Gb of Diskspace - mostly on /home)...  I see 3 slapd processes
that utilize over 89% on one CPU and 79% on the other (combined) during the
auth and then it calms down....  and the auth takes almost 15 seconds!

I can't have this....  I need to move away from a flat file user system (I
have 25K+ users right now) and move to a centralized auth that can handle
the pop3, ftp, ssh, and postscript auth requests without killing the
system.....  and OpenLDAP seems to be the only route to go to since there
are a boatload of nice migration and maintenance/management utilities.  I've
since removed OpenLDAP and installed IBM's SecureWay LDAP Server but it
doesn't have the object classes and attributes built in that OpenLDAP
does.....

I used the RPM's to install OpenLDAP....  are there any tuning parameters
that I can use to speed things up a bit?  If I compile the source, are there
any compile-time options that would help this out?  I really love OpenLDAP's
simplicity of install and configuration - but I'm growing user accounts like
crazy and I need to be able to authenticate a boatload of them
simultaneously, constantly, and quickly without driving my processors into
the red.

Also, (as if this weren't enough), I was curious if there is anything out
there that could read in an existing LDAP directory and create home
directories based on the users found.....  I don't want any entries created
in /etc/passwd or /etc/group....  just the creation of the home
directories....  My reason is that I have 3 servers....  1 is my main POP3
server (Quad PIII Xeon, 2Gb RAM, 700+Gb storage on /var using mbox mail
storage) running QPopper and Postfix (incoming from a mail relay only),
another is running Postfix for my SMTP-Relay host, and the third is going to
be my user webspace server...  The user webspace server needs the home
directories in order for my User_Dir setup to work....  Right now all the
users exist in flat files on the POP server....  All are running RedHat 7.2
with all updates.

Sorry this is so long winded....  I would really LOVE to use OpenLDAP but
only if it can be tuned for high performance and scalability.....

Thanks for any advice in advance!

Denny Snyder
Network Engineer
Susquehanna Communications
1050 E. King St
York, PA 17403
Office: (717)771-2613
Fax:    (717)843-5400
dsnyder@suscom.com 
postmaster@suscom.net 
"Nothing in life is worse than SPAM....  well.... maybe cold coffee! (or
Lutefisk?)"  ;)