
RE: Re: Listing /home dir very slow [SOLVED]



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Alan Sparks

> Jason C. Leach said:
> > For doing an ls -la in /home, is 2-3 lines per second slow for LDAP? The
> > only indexing option I have is:
> > 	# Indexing options
> > 	index objectClass eq
> >
> > Anyone know of some more reading on config/setup LDAP? I find the docs
> > on OpenLDAP to be not so complete past how to do a quick setup.
>
> Abysmally slow.  You should hardly notice a delay.  Unless we're talking
> about thousands of files, that is.
> Your indexing is insufficient.  You might consider indexing at least:
> index   uid             eq,pres
> index   uidNumber       eq
> index   gidNumber       eq
> index   uniqueMember    eq,pres
> index   memberUid       eq,pres
> index   objectClass     eq,pres
> index   host            eq,pres
>
> You may need to consider running the nscd (name service cache) daemon, if
> the load on your directory server gets too bad (if you have enough nss/pam
> clients).

Presence indexes should only be used on attributes that occur infrequently in
an overall database. Every attribute in LDAP must have an objectclass,
therefore maintaining an index to record "is objectclass present?" is
pointless. It just wastes CPU, memory, and disk resources. As a general rule,
if an attribute naturally appears in the majority of your entries, then you
gain nothing by using a presence index.

Presence indexes also should only be maintained on attributes that are
actually going to be queried with a presence filter, e.g. "(cn=*)". In
general, pam_ldap and nss_ldap do no presence queries at all; they always
filter based on an attribute type and a specific value. As such, the other
presence indices listed above are unnecessary.

As for uniquemember and memberuid, that depends on which version of RFC2307
you're working with. Further details on this are best left to the
nssldap@padl.com mailing list.

PS: don't forget to index cn, which is used by nss_ldap to find groups by
name.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
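
Added example, not part of the message above or of OpenLDAP: a Python check that applies the rule from this reply to the quoted index list, reporting presence indexes that no observed filter uses and equality-filtered attributes that have no eq index. The filter strings are constructed samples in the shape of nss_ldap lookups (an assumption), and the function names are hypothetical.

```python
import re

# Index lines as suggested in the quoted reply (slapd.conf "index" syntax).
SLAPD_CONF = """\
index   uid             eq,pres
index   uidNumber       eq
index   gidNumber       eq
index   uniqueMember    eq,pres
index   memberUid       eq,pres
index   objectClass     eq,pres
index   host            eq,pres
"""

# Constructed sample filters: attribute type plus a specific value, no "(attr=*)".
FILTERS = [
    "(&(objectClass=posixAccount)(uid=jason))",
    "(&(objectClass=posixAccount)(uidNumber=1000))",
    "(&(objectClass=posixGroup)(cn=staff))",
    "(&(objectClass=posixGroup)(gidNumber=100))",
    "(&(objectClass=posixGroup)(memberUid=jason))",
]

def parse_indexes(conf):
    """Map lower-cased attribute -> set of index types from 'index' lines."""
    out = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "index":
            for attr in parts[1].split(","):
                out.setdefault(attr.lower(), set()).update(parts[2].split(","))
    return out

def observed_filter_types(filters):
    """Map attribute -> {'pres', 'eq'} according to how the filters query it."""
    used = {}
    for f in filters:
        for attr, value in re.findall(r"\(([A-Za-z][\w;-]*)=([^()]*)\)", f):
            if "*" in value and value != "*":
                continue  # substring match: neither pres nor eq, ignored here
            kind = "pres" if value == "*" else "eq"
            used.setdefault(attr.lower(), set()).add(kind)
    return used

def review(conf, filters):
    """Return (attrs with an unused pres index, attrs missing an eq index)."""
    have, seen = parse_indexes(conf), observed_filter_types(filters)
    unused_pres = sorted(a for a, t in have.items() if "pres" in t and "pres" not in seen.get(a, set()))
    missing_eq = sorted(a for a, t in seen.items() if "eq" in t and "eq" not in have.get(a, set()))
    return unused_pres, missing_eq
```

The result only reflects the filters it is given, so feed it the search filters your own clients actually send before dropping an index.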