[Date Prev][Date Next]
RE: thread problem OpenLDAP 2.1.8 + Solaris 9
--On Friday, November 08, 2002 5:21 PM -0800 Howard Chu
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kurt D.
Other things to look at:
- ACLs... avoid unnecesary regex'ing
- REGEX... make sure you are using a good REGEX library
(some Solaris versions suck)
- Logging (disable synchronous logging, only log
Just echoing this - syslog() takes a huge toll on performance. On a
single-CPU machine with local log targets, the syslog daemon will eat up
more CPU and I/O resources than slapd itself. This is because syslogd
always flushes its disk buffers for every individual message it logs. I
haven't tested using a remote log destination; it may be cheaper since
the remote syslog protocol uses UDP, so there would be no filesystem
The fact that slapd is able to send debugging/diagnostic messages to
syslog() doesn't mean you should actually use this facility. Diagnostics
should only be generated when you are actively tracking down a problem,
and it's best just to use the "-d" option with stderr instead. Use of
syslog is best reserved for extraordinary situations, where system
integrity is in jeopardy and performance is no longer the issue...
Since we _must_ have logs of who is accessing our server, with such
information as IP, SASL bind DN, and query, we need some form of logging.
Unfortunately, the only logging options I see provided with OpenLDAP are
the syslog debugging options. Something like the Netscape Directory Server
access & error logs would be wonderful to have. I see nothing in your
notes above that indicate how someone is supposed to generate those types
of logs, nor does there appear to be anything in the online documention on
how to do so either.
Senior Systems Administrator
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html