
Bad performance after adding several ACL settings.



Hello, everyone,

There is an OpenLDAP installation on my Gentoo server. The version of
the server is net-nds/openldap-2.1.30-r2.

The hardware information is

CPU: Intel Xeon 2.4G x 2
MEM: 512M x 2
HD: SCSI 73G x 2 with Raid 1.

There are about 10000 entries in the openldap database.
There are 3600+ entries in a special ou. Before adding the ACL settings
on the special ou to slapd.conf, if I search all the children of this
ou with the following command:

ldapsearch -x -D "cn=manager,dc=xxx" -w xxx -b "ou=specialou,dc=xxx" > temp.file

It takes less than 1 sec to finish the query.

But after adding the ACL settings to the slapd.conf file,
the performance becomes very bad. It takes about 12-18 sec to return
all the result entries.

The ACL settings I have added to the slapd.conf file are:

====BEGIN====
access to attrs="userPassword"
        by  dn="cn=manager,dc=xxx"    write
        by  self    write
        by  anonymous   auth
        by  *   none
access to filter="category=0 *"
       by   dn="cn=manager,dc=xxx"   write
       by   dnattr=creatorsName    write
       by      *       none
access to dn="ou=contacts,ou=,dc=xxx"
    attrs=children
    by  dn="cn=manager,dc=xxx"    write
    by dn.regex="uid=[^,]+,ou=contacts,ou=specialou,dc=xxx" write
    by  *   none
access to dn.regex="^uid=[^,]+,ou=contacts,ou=specialou,dc=xxx$"
    attrs=entry
    by  dn="cn=manager,dc=xxx"    write
    by  dn.regex="uid=[^,]+,ou=contacts,ou=specialou,dc=xxx" write
    by  *   none
access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(!(category=5 FL))(category=11 GCC Member))"
    by  dn="cn=manager,dc=xxx" write
    by  dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=anonymous,ou=contacts,ou=specialou,dc=xxx" none
    by  self write
    by  users   none
access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(!(category=5 FL))(!(category=11 GCC Member)))"
    by  dn="cn=manager,dc=xxx"    write
    by  dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=anonymous,ou=contacts,ou=specialou,dc=xxx" none
    by  self write
access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(category=5 FL)(category=11 GCC Member))"
    by  dn="cn=manager,dc=xxx"    write
    by  dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by  dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by  self write
    by  users   read
access to dn.subtree="dc=xxx" by * write

====END====

All the necessary attributes are indexed, even category, which
appears in the ACL filters.

BTW, I have used ldbm as the database backend. I have heard that the
ldbm backend will be discarded after 2.4. Should I change to another
backend, such as bdb or gdbm?

Are the performance problems related to the ldbm backend?

Best regards

Wang Penghui





-- 
Name.   Wang Penghui
Tel.    0086-592-8389650
Mail.   wangpenghui@gmail.com
Web.    http://www.wangpenghui.name
Blog.   http://www.wangpenghui.name/blog
