[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Large "dynamic" groups and performance

Quanah Gibson-Mount wrote:
--On Monday, April 11, 2011 1:55 PM -0400 Al<afrunning@gmail.com>  wrote:

I added those as well, no noticeable change in performance:

cachesize 500000
idlcachesize 500000
checkpoint 10000 15

In a heavy write environment, I've found that smaller more frequent
checkpoints are better.  Yours is set rather high.

Also, you are definitely not using "dynamic" groups in the OpenLDAP
sense of the word, although they would probably perform significantly
better for you.

Yes, I understand that - thats why I put it in quotes.  I looked into
using OpenLDAP dynamic lists, but I think I'm limited by the fact that
some of our systems requiring these groups need to do searchs off of
it based on the dynamic membership (and from what I can tell, its not
possible to use it that way), ie they need to search for
(uniquemember=cn=xxxx,cn=users,...) on my group section of the tree.

I'll openly admit some of the values I have been picking for caching
and checkpoint are somewhat arbitrary.  I've been trying many
different values and have yet to settle on any that work well.  I'll
gladly try any recommendations.

Make sure you read over the dynlist overlay, I think you can do what you
want.  A group with 50,000+ members is probably going to take a long time
to update.  So OpenLDAP dynamic groups may well do better for you.

The dynlist overlay does not support searches of the form (member=foo). While updates of such large groups will involve a lot of I/O (and thus will always be slow) you can still improve things a little using the sortvals config option.
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/