
Ldap not reachable/tuning


I'm using a simple setup on CentOS Linux release 7.2.1511 (Core)/openldap-servers-2.4.40-9 /cn=config/mdb : one provider with the syncprov overlay and 2 syncrepl consumers. The DIT itself is about 10000 dn in size (about 3000 active users).

Everything works fine except that sometimes, some clients report (temporary) failure to reach the consumers (NAS servers for instance).

All I see in the logs is that when this happens, the time windows loosely match a moment where log rate limiting is dropping messages (for debugging purposes, I disabled journald rate limiting and doubled the default rsyslog one - still some drops occur on a regular basis).

So I assume it happens when slapd is kind of busy...

Here are some questions about that:

- First tuning attempt :

I noticed that olcDbMaxReaders value was set to 0 (not by me!)

I changed it to olcDbMaxReaders: 512

I thought the problem didn't occur anymore but I was wrong.

-> Is there any guideline about how to set up MaxReaders?

- Second tuning attempt :

I thought maybe replication was responsible (I'm using refreshAndPersist mode) so I raised the size of the sessionLog (from 100 to 800).

I read the doc again and I'd like to know if the following understanding is correct :

- thanks to contextCSN and the sync cookies, replication CAN be stateless

- if we want it stateless, syncprov HAS TO use the present phase, which basically is like sending the whole DIT except that for unchanged entries, only names are sent

- if and ONLY IF a state is used (in the form of a sessionLog), then the delete phase can be used (and if the sessionLog can hold enough since the last sync)

As a matter of fact, as opposed to the present phase, in the delete phase, syncprov has to 'remember' (i.e. store in a sessionLog) which entries have been deleted.

-> this assumes that the delete phase is more efficient than the present phase, right?

-> if for some reason the delete phase cannot be used (for instance, the sessionLog being too small), syncprov HAS TO fall back to the present phase, correct?

-> does using the sessionLog MAKE SENSE AT ALL when using refreshAndPersist mode ?

-> is there any guideline to choose the right size for the sessionLog ?

- Third tuning attempt

I also raised the checkpoint values.

-> Is there any guideline here as well ?
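
The present-phase versus delete-phase trade-off described in the second tuning attempt, as an added example that is not part of the original post and is not slapd's code. It is a simplified model that follows the post's description: CSNs are plain integers, the session log records only deletes, and the 150 deletes and the entry names are constructed sample data; the DIT size (10000) and the sessionLog sizes (100 and 800) are the ones quoted in the post.

```python
class Provider:
    """Toy provider; CSNs are plain integers (assumption, not slapd's code)."""
    def __init__(self, names, sessionlog_size):
        self.entries = {n: 0 for n in names}       # name -> CSN of last change
        self.size, self.log = sessionlog_size, []  # log holds (csn, deleted name)
        self.csn = self.dropped_csn = 0            # dropped_csn: newest CSN evicted

    def modify(self, name):
        self.csn += 1
        self.entries[name] = self.csn

    def delete(self, name):
        self.csn += 1
        del self.entries[name]
        self.log.append((self.csn, name))
        while len(self.log) > self.size:           # bounded log: oldest records fall out
            self.dropped_csn = self.log.pop(0)[0]

    def refresh(self, cookie):
        changed = [n for n, c in self.entries.items() if c > cookie]
        if self.size > 0 and cookie >= self.dropped_csn:
            # The log covers everything since the cookie: name only deleted entries.
            return "delete", changed, [n for c, n in self.log if c > cookie]
        # Stateless or log too short: name every unchanged entry that still exists.
        return "present", changed, [n for n, c in self.entries.items() if c <= cookie]


def apply_refresh(replica, phase, changed, names):
    """Consumer side: drop what was named deleted, or keep only what was named present."""
    kept = replica - set(names) if phase == "delete" else replica & set(names)
    return kept | set(changed)


def scenario(sessionlog_size, deletes, total=10000):
    """Consumer starts in sync, misses `deletes` deletes and one modify, then refreshes."""
    names = [f"uid=u{i},ou=people,dc=example,dc=com" for i in range(total)]  # constructed
    provider = Provider(names, sessionlog_size)
    replica, cookie = set(names), provider.csn
    for n in names[:deletes]:
        provider.delete(n)
    provider.modify(names[-1])
    phase, changed, ids = provider.refresh(cookie)
    replica = apply_refresh(replica, phase, changed, ids)
    assert replica == set(provider.entries)        # both phases converge to the same content
    return phase, len(changed) + len(ids)          # phase used, messages sent


if __name__ == "__main__":
    for size in (0, 100, 800):
        print(size, scenario(size, deletes=150))
```

In this model both phases leave the consumer with identical content; they differ only in how many messages the refresh needs, and the count depends on whether the log still reaches back to the consumer's cookie.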