[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: nscd/openldap issue

To: openldap-software@OpenLDAP.org
Subject: Re: nscd/openldap issue
From: Patrick von der Hagen <hagen@ira.uka.de>
Date: Thu, 21 Nov 2002 00:12:16 +0100
Content-disposition: inline
In-reply-to: <1037827801.5148.257.camel@localhost>; from tonni@billy.demon.nl on Wed, Nov 20, 2002 at 10:30:02PM +0100
References: <38500.168.91.2.45.1037802862.squirrel@mail.ivytech.edu> <1037822301.5148.215.camel@localhost> <39125.168.91.2.45.1037823172.squirrel@mail.ivytech.edu> <1037827801.5148.257.camel@localhost>
User-agent: Mutt/1.2.5.1i

On Wed, Nov 20, 2002 at 10:30:02PM +0100, Tony Earnshaw wrote:
[...]
> Sounds horrible (do Ammeddicans understand "hoddibel"?) and it would be
> interesting to gather other Solaris sysadmins' experiences with this
> sort of setup. I refuse to believe that you're the only Solaris
> 8/Openldap user with this kind of load.
That's SOOOO nice. ;-)

Well, I migrated NIS to OpenLDAP with padl-nss and padl-pam nine days
ago and I suffering from a rather bad performance which I didn't really
expect.

Right now I can't explain it and don't know whom to blame. ;-)
slapd has an unexpected high load on my Sun Enterprise Something,
featuring 1280MB RAM and supposedly 400MHz. You see, I'm no hardware
guy. ;-)

When doing ldapsearch on indexed attributes, slapd seems to be very
fast, so there is probably no "basic" problem, like to little RAM
(usually 750MB available and slapd uses much less than expected). 
However, I can definitly create queries being slow, too. No surpise, if
you want to, you can.

I suppose my problem is the following: I have a group of 2200 users
(students) and this is their primary group. So if you query "people" you
get the student-gidNumber. However, in the group-tree the student-group
has no members (padl did it, not my fault;-)) so to get all members of
that group you have to iterate over all "people". That's not cool and if
nss should do that I suspect there might be a performance-impact.

I've been told that there is a rather low limit of users you can put in
an LDAP-group, so perhaps every big group causes performance-problems
with slapd?

Well, to sum up:
I'm using OpenLDAP, nss and nscd on Solaris, too. I have little
experience and don't know where the real problem lies but I could
imagine that the "wrong sort of questions" is asked, especially in
"group-handling".

I'm not so happy with logging, by the way. There is just too much. ;-)
Time of request, filter, originating ip would be great. Well, I suppose
grep will help....

Any tips would be greatly appreciated. ;-)

-- 
CU,
   Patrick.

References:
- nscd/openldap issue
  - From: "John Madden" <jmadden@ivytech.edu>
- Re: nscd/openldap issue
  - From: Tony Earnshaw <tonni@billy.demon.nl>
- Re: nscd/openldap issue
  - From: "John Madden" <jmadden@ivytech.edu>
- Re: nscd/openldap issue
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: LDAP control for multipile domains
Next by Date: Re: openldap and Sun One?
Index(es):
- Chronological
- Thread