[Date Prev][Date Next]
Ldap not reachable/tuning
- To: firstname.lastname@example.org
- Subject: Ldap not reachable/tuning
- From: Thomas Hummel <email@example.com>
- Date: Fri, 25 Nov 2016 19:05:45 +0100
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0
I'm using a simple setup on CentOS Linux release 7.2.1511
(Core)/openldap-servers-2.4.40-9 /cn=config/mdb : one provider with the
syncprov overlay and 2 syncrepl consumers. The DIT itself is about 10000
dn in size (about 3000 active users).
Everything works fine except that sometimes, some clients report
(temporary) failure to reach the consumers (NAS servers for instance).
All I see in the logs is that when this happens, the time windows
loosely match a moment where log rate limiting is dropping messages (for
debugging purpose, I disabled journald ratelimiting and doubled default
rsyslog one - still some drops occur on a regular basis).
So I assume it happens when slapd is kind of busy...
Here are some question about that :
- First tuning attempt :
I noticed that olcDbMaxReaders value was set to 0 (not by me!)
I changed it to olcDbMaxReaders: 512
I thought the problem didn't occur anymore but I was wrong.
-> Is there any guideline about how to setup MaxReaders ?
- Second tuning attempt :
I thought maybe replication was responsible (I'm using refreshAndPersist
mode) so I raised the size of the sessionLog (from 100 to 800).
I read the doc again and I'd like to know if the following understanding
is correct :
- thanks to contextCSN and the sync cookies, replication CAN be stateless
- if we want it stateless, syncprov HAS TO use the present phase, which
basically is like sending the whole DIT except that for unchanged
entries, only names are sent
- if and ONLY IF a state is used (in the form of a sessionLog), then
delete phase can be used (and if the sessionLog can hold enough since
the last sync)
As a matter of fact, at the opposite of the present phase, in the delete
phase, syncprov has to 'remember' (i.e store in a sessionLog) which
entries has been deleted.
-> this assumes that delete phase is more efficient than the present
phase, right ?
-> if for some reason (for instance sessionLog being too small, delete
phase can not be used) syncprov HAS TO fall back to present phase, correct ?
-> does using the sessionLog MAKE SENSE AT ALL when using
refreshAndPersist mode ?
-> is there any guideline to choose the right size for the sessionLog ?
- Third tuning attempt
I also raised the checkpoint values.
-> Is there any guideline here as well ?