[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Question

To: Andi Gorhan <andigorhan@yahoo.de>
Subject: Re: LDAP Question
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Tue, 13 Jan 2009 17:05:45 +0000
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <420248.57225.qm@web27506.mail.ukl.yahoo.com>
References: <420248.57225.qm@web27506.mail.ukl.yahoo.com>
User-agent: Mutt/1.5.13 (2006-08-11)

On Mon, Jan 12, 2009 at 03:36:07PM +0000, Andi Gorhan wrote:

> My environment is relativ big. I have 2 LDAP Masters and 8 LDAP Slaves. I configured both
> Masters with the Master-Master Syncreplication. Also all Slaves sync with the Master 1. The second
> Master is only Backup. I build a really big database (~1.000.000 entrys) to see how LDAP handle
> this. Now my questions:
> 
> 1. I want to know how LDAP works innside. If I tell LDAP which attributes to index, what does LDAP do?
> When does LDAP index the attributes and how much time/performance cost that? What is the LDAP indexing Process?

If you added the index to the config before loading the data then the
indexing is done as each entry is loaded.

If you added the index after loading the data then it depends on how
your server is configured: you will probably have to stop slapd and
run slapindex to build the indexes.

Indexing 1M entries is likely to take time. If you post the server config
and an example entry then maybe someone on the list can compare it to
their own setup. Disk speed and amount of RAM will have a big effect,
and so will the way you set database tuning parameters.

> 2. A very strange behaviour occurs after on a given time. The CPU Load increase dramatically and I do not know why. 
> Is it indexing or the Master Master configuration? What else can generate this CPU Problem? 

You need to post more details: SLAPD config files and DB_CONFIG at least.

> 3. The last point is about LDAP Security. The normal backup way is to use slapcat and slapadd. Is it possible to
> simply copy the whole database for a correct working backup. So if LDAP Master break down I simply copy the
> backuped database to the LDAP directory and everyting works? I tested it before and at the first time it looks good but
> If I want to search an entry with some filter rules (e.g. uid=abc) it doesn't bring any entrys although the entry exists. If 
> I do not use filter, it works correctly. What can be the problem here?

You cannot just copy the files of a running database.
You must either shut down slapd before starting the backup, or you
must follow the Berkeley DB backup instructions. In either case I
would advise keeping a slapcat backup as well.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- LDAP Question
  - From: Andi Gorhan <andigorhan@yahoo.de>

Prev by Date: access: regexp vs. ip
Next by Date: syncrepl problem - nothing updated after initial syncronisation
Index(es):
- Chronological
- Thread