Re: alock File Keeps LDAP (slapd) from Starting Up



On Thu, May 25, 2006 at 01:56:22PM -0700, Todd Lyons wrote:

>>BDB 4.3 is a known problem release.  The suggested BDB release is 
>>4.2.52+patches, and possible BDB 4.4.20+patches.  But not BDB 4.3.anything.
>Ah, that's good to know.  I upgraded an old 2.1.30 production server to
>2.3.21 with bdb 4.3 and the load went through the roof, searches were
>blindingly slow, etc.  I'm rolling back to 2.2.30 right now with db 4.2.
>We'll see if that fixes my speed problem.

Followup:
No, it didn't fix the speed problem.  When using the ldbm backend, the
machine sits at load around 0.1 and 2% or 3% cpu usage.  I switch to bdb
backend and my load jumps to 14 or so, searches take seconds to complete
(of course slows down as the load gets higher).  At that point, the
acceptance of new incoming connects gets degraded enough that it drops
out of the load balancer until OpenLDAP catches up on things.  In short,
I wasn't able to get it to work.  I had to go back to ldbm.  I'll keep
hacking away at it.

Here are my configs:

/etc/openldap/slapd.conf:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/sendmail.schema
include         /etc/openldap/schema/courier.schema
include         /etc/ssh/openssh-lpk.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

loglevel 0

allow bind_v2

access to attr=userPassword
        by dn="cn=master,dc=ivenue,dc=net" write
        by dn="cn=courier,dc=ivenue,dc=net" read
        by dn="cn=sendmail,dc=ivenue,dc=net" read
        by dn="cn=pam,dc=ivenue,dc=net" read
        by dn="cn=pam,ou=employees,dc=ivenue,dc=net" read
        by self write
        by * auth
access to *
        by dn="cn=master,dc=ivenue,dc=net" write
        by * read

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=ivenue,dc=net"
rootdn          "cn=Manager,dc=ivenue,dc=net"
rootpw          {crypt}blahblahblahblah
directory       /var/lib/openldap-data
# Indices to maintain
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
index   sendmailMTAKey,sendmailMTAMapName               eq
index   sendmailMTAHost,sendmailMTACluster              eq
index   sendmailMTAAliasGrouping,sendmailMTAClassName   eq

#database       bdb
#suffix         "dc=ivenue,dc=net"
#rootdn         "cn=Manager,dc=ivenue,dc=net"
#rootpw         {crypt}6d1Y8zMFOZQ/6
#directory      /var/lib/openldap-bdb
## Tried 10000 too
#cachesize      50000   
## Indices to maintain
#index  objectClass                                     eq
#index  uid,uidNumber,gidNumber,memberUid               eq
#index  cn,mail,surname,givenname                       eq,subinitial
#index  sendmailMTAKey,sendmailMTAMapName               eq
#index  sendmailMTAHost,sendmailMTACluster              eq
#index  sendmailMTAAliasGrouping,sendmailMTAClassName   eq

updatedn cn=master,dc=ivenue,dc=net


2.6.12-gentoo-r10 ldap1 openldap # cat /var/lib/openldap-bdb/DB_CONFIG 
#
# Set the database in memory cache size.
#
set_cachesize   0       52428800        0

#
# Set database flags.
#               
set_flags       DB_TXN_NOSYNC

#
# Set log values.
#
set_lg_regionmax        1048576
set_lg_max              10485760
set_lg_bsize            2097152
set_lg_dir              /var/lib/openldap-bdb/log

#
# Set temporary file creation directory.
#                       
set_tmp_dir             /var/tmp


All directories exist, owned by ldap:ldap (except for /var/tmp of
course).  I didn't do anything as far as fine tuning the DB_CONFIG,
don't know where to start with that.  I am using values I found in a
discussion on the ML somewhere.


2.6.12-gentoo-r10 ldap1 openldap # vdir /var/lib/openldap-bdb/
total 157332
-rw-r--r--    1 ldap     ldap          435 May 25 13:54 DB_CONFIG
-rw-------    1 ldap     ldap         8192 May 25 13:54 __db.001
-rw-------    1 ldap     ldap     65544192 May 25 13:54 __db.002
-rw-------    1 ldap     ldap      3145728 May 25 13:54 __db.003
-rw-------    1 ldap     ldap       368640 May 25 13:54 __db.004
-rw-------    1 ldap     ldap        24576 May 25 13:54 __db.005
-rw-------    1 ldap     ldap       212992 May 25 14:02 cn.bdb
-rw-------    1 ldap     ldap     17272832 May 25 14:02 dn2id.bdb
-rw-------    1 ldap     ldap       102400 May 25 14:02 gidNumber.bdb
-rw-------    1 ldap     ldap     64372736 May 25 14:02 id2entry.bdb
drwxr-xr-x    2 ldap     ldap         4096 May 25 13:56 log
-rw-------    1 ldap     ldap      5533696 May 25 14:02 mail.bdb
-rw-------    1 ldap     ldap         8192 May 25 14:02 memberUid.bdb
-rw-------    1 ldap     ldap      2387968 May 25 14:02 objectClass.bdb
-rw-------    1 ldap     ldap         8192 May 25 14:02 sendmailMTAAliasGrouping.bdb
-rw-------    1 ldap     ldap         8192 May 25 13:56 sendmailMTAClassName.bdb
-rw-------    1 ldap     ldap       483328 May 25 14:02 sendmailMTACluster.bdb
-rw-------    1 ldap     ldap         8192 May 25 14:02 sendmailMTAHost.bdb
-rw-------    1 ldap     ldap      1273856 May 25 14:02 sendmailMTAKey.bdb
-rw-------    1 ldap     ldap       483328 May 25 14:02 sendmailMTAMapName.bdb
-rw-------    1 ldap     ldap         8192 May 25 13:56 sn.bdb
-rw-------    1 ldap     ldap       520192 May 25 14:02 uid.bdb
-rw-------    1 ldap     ldap       266240 May 25 14:02 uidNumber.bdb


Any pointers, urls, or regular ole help would be much appreciated.
-- 
Regards...		Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
Linux kernel 2.6.12-18mdksmp   2 users,  load average: 1.43, 1.14, 0.67