[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: weird performance issue

If this is berkeley 4.1, make sure you apply the patches to the Berkeley
libraries. I ran into some cache corruption issues without the patches.
(they aren't applied by default.) I started mucking around with the db
variables but in the end I think I just let it run as default.

I got like a 30% performance gain using bdb over ldbm but we are just
using it for authorization.

It really sounds like an indexing problem. I would load that sucker with
ldapadd.. I think I tried using slapindex once and it corrupted the
indexes and I didn't think it was safe to use it on an open database.
(although that may have changed between 2.1.8 and 2.1.30)

  Sean O'Malley, Information Technologist
  Michigan State University

On Mon, 29 Nov 2004, Jacob Walcik wrote:

> i recently migrated my openldap setup from openldap 2.0.x running on
> an older redhat 7.3 server to openldap 2.1.30-r2 running on gentoo
> linux.  i copied my slapd.conf over to the new machine, and exported
> my data as one big ldif, which i was able to import without too much
> trouble.  the only difference between the old machine and the new is
> that i switch from using an lbdm databse to using bdb on the new
> server.
> now however, i'm experiencing terrible performance from the new
> machine.  the ldap server functions primarily as a distributed
> authentication system.  if i change one of my existing servers from
> pointing at the old machine to the new, ssh logins go from being
> instantaneous to taking 5+ seconds for a password prompt to appear.
> i'm using the same indexes (i ran slapindex after starting slapd on
> the new server),  the same pam setup for both servers, and switching
> from TLS to plaintext doesn't appear to make any difference at all.
> does anyone have any suggestions as to what i should start tweaking to
> improve performance?  i've looked at the suggestions in the openldap
> faq regarding caches for BerkelyDB, however creating the DB_CONFIG
> file and restarting slapd didn't appear to affect things one way or
> the other.  i've pasted my slapd configuration below, and any
> suggestions would be most appreciated.  thanks!
> ------------------slapd.conf----------------------
> include		/etc/openldap/schema/core.schema
> include		/etc/openldap/schema/cosine.schema
> include		/etc/openldap/schema/inetorgperson.schema
> include		/etc/openldap/schema/misc.schema
> include		/etc/openldap/schema/nis.schema
> include		/etc/openldap/schema/samba.schema
> TLSCertificateFile /etc/ssl/ldap.pem
> TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
> TLSCACertificateFile /etc/ssl/ldap.pem
> loglevel 296
> pidfile		/var/run/openldap/slapd.pid
> argsfile	/var/run/openldap/slapd.args
> access to attrs=userPassword
> 	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
> 	by self write
> 	by * auth
> access to *
> 	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
> 	by * read
> database	bdb
> suffix		"dc=laits,dc=utexas,dc=edu"
> rootdn		"cn=ldapadmin,dc=laits,dc=utexas,dc=edu"
> rootpw		********
> directory	/var/lib/openldap-data
> index	objectClass,uidNumber,gidNumber,memberUid	eq
> index	uid,mail,surname,givenname					eq,subinitial
> cachesize 5000
> ---------------------------------------------------------------------