[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: weird performance issue

To: Jacob Walcik <jwalcik@gmail.com>
Subject: Re: weird performance issue
From: "Sean O'Malley" <omalleys@msu.edu>
Date: Mon, 29 Nov 2004 17:10:32 -0500 (EST)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <f02e1d3e04112913242a7f1b0@mail.gmail.com>

If this is berkeley 4.1, make sure you apply the patches to the Berkeley
libraries. I ran into some cache corruption issues without the patches.
(they aren't applied by default.) I started mucking around with the db
variables but in the end I think I just let it run as default.

I got like a 30% performance gain using bdb over ldbm but we are just
using it for authorization.

It really sounds like an indexing problem. I would load that sucker with
ldapadd.. I think I tried using slapindex once and it corrupted the
indexes and I didn't think it was safe to use it on an open database.
(although that may have changed between 2.1.8 and 2.1.30)


--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------

On Mon, 29 Nov 2004, Jacob Walcik wrote:

> i recently migrated my openldap setup from openldap 2.0.x running on
> an older redhat 7.3 server to openldap 2.1.30-r2 running on gentoo
> linux.  i copied my slapd.conf over to the new machine, and exported
> my data as one big ldif, which i was able to import without too much
> trouble.  the only difference between the old machine and the new is
> that i switch from using an lbdm databse to using bdb on the new
> server.
>
> now however, i'm experiencing terrible performance from the new
> machine.  the ldap server functions primarily as a distributed
> authentication system.  if i change one of my existing servers from
> pointing at the old machine to the new, ssh logins go from being
> instantaneous to taking 5+ seconds for a password prompt to appear.
> i'm using the same indexes (i ran slapindex after starting slapd on
> the new server),  the same pam setup for both servers, and switching
> from TLS to plaintext doesn't appear to make any difference at all.
>
> does anyone have any suggestions as to what i should start tweaking to
> improve performance?  i've looked at the suggestions in the openldap
> faq regarding caches for BerkelyDB, however creating the DB_CONFIG
> file and restarting slapd didn't appear to affect things one way or
> the other.  i've pasted my slapd configuration below, and any
> suggestions would be most appreciated.  thanks!
>
> ------------------slapd.conf----------------------
> include		/etc/openldap/schema/core.schema
> include		/etc/openldap/schema/cosine.schema
> include		/etc/openldap/schema/inetorgperson.schema
> include		/etc/openldap/schema/misc.schema
> include		/etc/openldap/schema/nis.schema
> include		/etc/openldap/schema/samba.schema
>
> TLSCertificateFile /etc/ssl/ldap.pem
> TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
> TLSCACertificateFile /etc/ssl/ldap.pem
>
> loglevel 296
> pidfile		/var/run/openldap/slapd.pid
> argsfile	/var/run/openldap/slapd.args
>
> access to attrs=userPassword
> 	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
> 	by self write
> 	by * auth
>
> access to *
> 	by dn="ou=admin,ou=laits,ou=people,dc=laits,dc=utexas,dc=edu" write
> 	by * read
>
> database	bdb
> suffix		"dc=laits,dc=utexas,dc=edu"
> rootdn		"cn=ldapadmin,dc=laits,dc=utexas,dc=edu"
>
> rootpw		********
>
> directory	/var/lib/openldap-data
>
> index	objectClass,uidNumber,gidNumber,memberUid	eq
> index	uid,mail,surname,givenname					eq,subinitial
>
> cachesize 5000
> ---------------------------------------------------------------------
>
>

References:
- weird performance issue
  - From: Jacob Walcik <jwalcik@gmail.com>

Prev by Date: Re: weird performance issue
Next by Date: Re: weird performance issue
Index(es):
- Chronological
- Thread