
weird performance issue



i recently migrated my openldap setup from openldap 2.0.x running on
an older redhat 7.3 server to openldap 2.1.30-r2 running on gentoo
linux.  i copied my slapd.conf over to the new machine, and exported
my data as one big ldif, which i was able to import without too much
trouble.  the only difference between the old machine and the new is
that i switched from using an ldbm database to using bdb on the new
server.

now however, i'm experiencing terrible performance from the new
machine.  the ldap server functions primarily as a distributed
authentication system.  if i change one of my existing servers from
pointing at the old machine to the new, ssh logins go from being
instantaneous to taking 5+ seconds for a password prompt to appear. 
i'm using the same indexes (i ran slapindex after starting slapd on
the new server),  the same pam setup for both servers, and switching
from TLS to plaintext doesn't appear to make any difference at all.

does anyone have any suggestions as to what i should start tweaking to
improve performance?  i've looked at the suggestions in the openldap
faq regarding caches for BerkeleyDB, however creating the DB_CONFIG
file and restarting slapd didn't appear to affect things one way or
the other.  i've pasted my slapd configuration below, and any
suggestions would be most appreciated.  thanks!

------------------slapd.conf----------------------
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/samba.schema

TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

loglevel 296
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

access to attrs=userPassword
	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
	by self write
	by * auth

access to * 
	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
	by * read

database	bdb
suffix		"dc=laits,dc=utexas,dc=edu"
rootdn		"cn=ldapadmin,dc=laits,dc=utexas,dc=edu"

rootpw		********

directory	/var/lib/openldap-data

index	objectClass,uidNumber,gidNumber,memberUid	eq
index	uid,mail,surname,givenname					eq,subinitial

cachesize 5000
---------------------------------------------------------------------

-- 
jacob walcik
jwalcik@gmail.com