[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap is too slow, even uncommunicable.

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: ldap is too slow, even uncommunicable.
From: Todd Lyons <tlyons@ivenue.com>
Date: Wed, 15 Sep 2004 09:41:41 -0700
Content-disposition: inline
In-reply-to: <20040909140101.BF76A3C009@talara.terra.com.br>
Organization: Ivenue.com
References: <713c5234040909063574317c4b@mail.gmail.com> <20040909140101.BF76A3C009@talara.terra.com.br>
User-agent: Mutt/1.5.6i

Note that it's best to not hijack threads.  Those of us that use
thread-aware clients have a hard time following things if random
messages appear in the middle of other threads.

Bruno Lopes de Souza Benchimol wanted us to know:

>When I do ldapsearch -x -z 0 -l 0 , I get:
>
># search result
>search: 2
>result: 4 Size limit exceeded
>
># numResponses: 501
># numEntries: 500
>
>Although I got 583 entries, I checked this using:
>ldap:/etc/ldap# slapcat |grep ^dn|wc -l
>    583

The default limit is 500.  If you want the -z 0 to work, you must bind
as the rootdn.

>Basically when I put my samba servers (I got 2) it start getting slow slow
>slow ... until I get cant connect to ldap server.
>Sep  9 10:03:27 smb smbd[2188]:   failed to bind to server with dn=
>cn=admin, dc=tcm, dc=pa, dc=gov, dc=br Error: Can't contact LDAP server
>Or either with ldapsearch: Can't connect to LDAP Server.

Samba is searching for some attribute that is not indexed.  Google
around for samba slapd.conf indexes and make sure you have all of them
in there.  Another way to do it is to tcpdump one session and see what
lookups its doing, then do them manually.  Anything that doesn't return
an instant answer is unindexed and inefficient and is what is slowing
your ldap responses down, which drags everything down, eventually
bumping you up against some limit, either OS limit or process limit.

>Here follows my slapd.conf (important sections):
>rest is default like access lists, index, etc, im using slapd
>2.0.23-6.3  , from Debian, 3.0r2 (stable)

Let's see the indexes you are using.

>Also I get like 20 established connections to my LDAP server and around 60
>with either SYN_RECV/CLOSE_WAIT on netstat , all by samba server.

Sounds right.

>ldap:/var/lib/ldap# du -sh *
>272k cn.dbb
>196k dn2id.dbb
>2.0M id2entry.dbb
>272k mail.dbb
>256k mailAlternateAddress.dbb
>8.0k nextid.dbb
>40k  objectClass.dbb
>0    replog
>0    replog.lock
>132k sn.dbb
>268k uid.dbb

so your indexes are cn, mail, mailAlternateAddress, objectclass, sn, and
uid.  Samba is searching for other attributes besides just those.  That
is what I suspect is slowing you down.  Again, look for someone's samba
slapd.conf index configuration in various samba/ldap HOWTOs.
-- 
Regards...		Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.       --Benjamin Franklin
Linux kernel 2.6.3-16mdkenterprise   2 users,  load average: 0.27, 0.16, 0.06

References:
- Question about fancy replication
  - From: Pavel Tcholakov <pcholakov@gmail.com>
- ldap is too slow, even uncommunicable.
  - From: "Bruno Lopes de Souza Benchimol" <brunobenchimol@terra.com.br>

Prev by Date: Re: forcing encryption for external server access while allowing unencrypted localhost connections
Next by Date: AttributeDescription contains inappropriate characters
Index(es):
- Chronological
- Thread