--On Monday, April 11, 2011 1:55 PM -0400 Al<afrunning@gmail.com> wrote:
I added those as well, no noticeable change in performance:
cachesize 500000
idlcachesize 500000
checkpoint 10000 15
In a heavy write environment, I've found that smaller more frequent
checkpoints are better. Yours is set rather high.
Also, you are definitely not using "dynamic" groups in the OpenLDAP
sense of the word, although they would probably perform significantly
better for you.
Yes, I understand that - thats why I put it in quotes. I looked into
using OpenLDAP dynamic lists, but I think I'm limited by the fact that
some of our systems requiring these groups need to do searchs off of
it based on the dynamic membership (and from what I can tell, its not
possible to use it that way), ie they need to search for
(uniquemember=cn=xxxx,cn=users,...) on my group section of the tree.
I'll openly admit some of the values I have been picking for caching
and checkpoint are somewhat arbitrary. I've been trying many
different values and have yet to settle on any that work well. I'll
gladly try any recommendations.
Make sure you read over the dynlist overlay, I think you can do what you
want. A group with 50,000+ members is probably going to take a long time
to update. So OpenLDAP dynamic groups may well do better for you.