RE: SLAPD denial of connections under load

I would agree but I've been very careful about making sure that my
indicies are appropriate and comprehensive for the set of queries I'm
running.  Nearly all queries to the system are of the form:


Both mail and accountStatus are indexed.

In fact, here are my indexes:

index accountStatus         eq
index associatedDomain      eq
index cn                    eq,pres,subinitial
index mail                  eq,pres
index mailAlternateAddress  eq,pres
index objectclass           eq

I just loaded a days worth of slapd logs into SQL server yesterday
evening and I'm hoping to mine that for searches/sec throughout the day
and the time required for searches throughout the day.  Hopefully binds
too.  Is there anything else I should check for?



Howard Chu wrote:

> Quanah Gibson-Mount wrote:
>> --On Wednesday, August 11, 2004 8:43 PM -0400 James Courtney
>> <Jcourtney@inphonic.com> wrote:
>>> Our other problem is that under high load from the mail server we 
>>> see that Maildrop claims it cannot connect to the LDAP server.  They

>>> are on the same system and Maildrop connects to localhost rather 
>>> than going out over the network and back.  Maildrop's 
>>> ldap_simple_bind_s is returning 81
>>> (0x51) which is defined as the constant LDAP_SERVER_DOWN.  The 
>>> server has
>>> been up for 24 hours now and is generally responsive though so this
>>> confusing.  Under what conditions would slapd not accept a network
>>> connection?  Threads + backlog exceeded?
>> I suggest you separate the mail server from the LDAP server.  The 
>> high load on the system from the mail delivery agent may be 
>> preventing slapd from responding.
> There isn't enough information here to determine a course of action. 
> You need to get more info before making suggestions on how to fix the 
> problem.
> My guess is that slapd is out of file descriptors or there are too 
> many outstanding connections. Using a program like lsof may help to 
> determine if that's the case. There is no way that any mail server can

> generate more queries than slapd can handle when both are running on 
> the same CPU.

My 2c: when slapd is unable to serve an MTA, usually you need to craft
your backend's indices.  I really don't see a scenario where looking up
an indexed key takes longer than handling an email.

Ciao, p.

