[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ldap performance : help needed



Hello list,


I have the following rules in /etc/openldap/slapd.conf for about 250 users (cust1 -> cust250).


This is an extract for user 'cust22' and user 'cust23' :


access to dn.regex="ou=tbook[12345],ou=contacten,ou=cust22,dc=mydomain" attrs=children
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by * none break

access to dn.one="ou=tbook1,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook2,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook2,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook3,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook3,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook4,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook4,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook5,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook5,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.regex="ou=tbook[12345],ou=contacten,ou=cust23,dc=mydomain" attrs=children
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by * none break

access to dn.one="ou=tbook1,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook2,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook2,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook3,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook3,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook4,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook4,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook5,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook5,ou=gebruikers,ou=cust23,dc=mydomain" read




I notice that there is a huge lack of performance (slow response times) when over about 100 users. There are quite some access rules in slapd.conf at that time.

There is about 8 seconds between query and response :


Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 fd=13 ACCEPT from IP=xx.xx.xx.xx:1046 (IP=0.0.0.0:389)
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" method=128
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" mech=SIMPLE ssf=0
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=1 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&(telephoneNumber=*)(sn=t*))"
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=1 SRCH attr=cn sn telephoneNumber

Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=2 ABANDON msg=2
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=3 UNBIND
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 fd=13 closed




Question : how can I get a better performance ? How can I adapt my access rules for better performance ?


Thanks !


Kind Regards,

Jonas.