[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 (?) on RedHat Enterprise summary

On Fri, 7 May 2004, Pierangelo Masarati wrote:

> 10000 searches:
> Wed Mar 17 15:01:58 SAST 2004
> Wed Mar 17 15:23:17 SAST 2004

OK, I fixed our objectclasses to be LDAPv3 compliant enough and ran some

Running pretty much the same tests, I finish about 30 times faster, and I
see no significant difference between RHEL 3AS and RHEL 2.1.

My test box is a Dell 2750 with 2GB RAM and 2 x 2.8GHz Xeon. Yes, that's
ridiculously overpowered, but the box will also run SpamAssassin and

RHEL 3AS, kernel 2.4.21-9.0.3.ELsmp. 2.4.21-9.0.3.EL is about 10% *slower*;  
SMP doesn't buy us much, but I see no penalty from it.

OpenLDAP 2.1.30 with BDB Changes from Jehan's SRPM are removing
the old SUSE openldap-2.1.17-string.patch, which looks like a novice "let's
replace all strcat with strncat for SECURITY" exercise,
--without-cyrus-sasl, --disable-wrappers, --disable-modules,
--disable-ldbm, --enable-monitor, and --without-kerberos. Just LDAP with
simple bind over TLS is all we need, thanks.

/tmp/searche is 12,000 lines like
 ldapsearch -h -x -LLL "mailAcceptingGeneralId=rcgraves" \ 

Searching for this one indexed attribute and with somewhat verbose loglevel
2816, I can get 250 queries per second, both from localhost and from a
remote host, both single-threaded in series and 30-something at a time with

split -b 400 /tmp/searche
for f in xa* xbb xbc xbd xbe; do (sh $f >> /dev/null 2>> /dev/null < 
/dev/null &) ; done; time sh xba > /dev/null 2>> /dev/null &

Given that forking "nc -z localhost 389" 12,000 times takes 30 seconds, 49 
seconds to do 12,000 LDAP queries isn't bad.

If I add substring searches of two unindexed attributes to the query, I can 
still finish 12,000 queries in just over two minutes.
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator