[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ldappasswd command executing very slowly

(Forgive me if this isn't the correct forum for this question.  I considered
posting this to the pam_ldap list first, but since I can reproduce this
problem on my test machine with just the OpenLDAP server and "ldappasswd" I
felt that this forum was probably more appropriate.  If I'm mistaken about
that, please let me know.)

I'm in the process of upgrading our live mail server from Red Hat Linux 7.2
to Red Hat Enterprise Linux 2.1.  I'm using OpenLDAP server (installed from
Red Hat's "openldap-servers-2.0.27-2.7.3" RPM) and nss_ldap/pam_ldap to
authenticate users via my LDAP database.  I noticed on my RHEL test machine
that password changes were taking longer than usual.  In an attempt to
narrow down the problem I created a small test database with only one user
and timed the "ldappasswd" command like so:

[root@mail5 root]# time ldappasswd -x -D "cn=root,dc=crye-leike,dc=com" \
-w ldappass "uid=testguy,ou=People,dc=crye-leike,dc=com" -s notagain3
Result: Success (0)


I ran this command several times on my test machine (only one logged in
user, load average 0.34) and it was consistently 3.5-4.0 seconds.  On the
live RH 7.2 server (which has very similiar hardware) this same command
takes about 0.5-1.0 second tops.

If I run "iostat -x 1" on the test machine while I'm changing the password I
notice the drive utilization spikes to 100% for the duration of the command.
The live server barely registers anything in iostat during a password

I've run slapd in debug mode (level 1, trace function calls) during the
password change.  There are numerous calls to key_change() throughout the
3-4 second pause.  I setup RH 7.2 on a different test machine and I get the
same results, but these calls fly by within the half second the command

I'm using LDBM as a database type.  I'm no expert on how this works, but it
appears that this uses the gdbm libraries which are installed via Red Hat's
"gdbm-1.8.0-11" and "gdbm-devel-1.8.0-11" RPMS.

I've submitted a support request to Red Hat.  It seems to me that this is
probably either a Red Hat issue or a hardware issue on my test box, but
nothing else is behaving strangely.  I've timed various LDAP additions and
modifications and it appears that only password changes are exhibiting the
behavior described above.

If anyone has seen anything like this, I'd really appreciate any ideas or
pointers.  I've been hammering away on this a while and I've run out of
ideas.  I can make available an LDIF of my database, my slapd.conf, and
ldap.conf file if they will help.  Thanks in advance...

Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722