[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Casual benchmarking OS performace with OpenLDAP
Hi James,
Take a look at http://www.symas.com/benchmark.shtml. We've spent some time
doing this in a more formal manner, and it may save you some time. We've
also provided the tuning information that helped us achieve the results we
did.
Hope this helps...
Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-
> software@OpenLDAP.org] On Behalf Of James F. Hranicky
> Sent: Wednesday, March 30, 2005 9:15 AM
> To: openldap-software@OpenLDAP.org
> Subject: Casual benchmarking OS performace with OpenLDAP
>
> I'm in the process of trying to find the best OS platform on which to run
> OpenLDAP as a backend for Heimdal and Samba, as well as a replacement for
> NIS.
>
> Currently, I have a machine with a 2.8GHz Xeon and a 140G drive which
> holds both Debian Linux (kernel 2.6.11) and Solaris 10 x86 .
>
> Here is the pertinent server info:
>
> Linux:
> OpenLDAP 2.3.2beta (gcc -O2)
> DB 4.2.52 w patches (Debian default)
>
> Solaris x86:
> OpenLDAP 2.3.2beta (SUNWspro/cc -xO4)
> DB 4.2.52 w patches (SUNWspro/cc -xO4)
>
>
> I'm using a simple test of running 10 ldapsearch processes like so:
>
> for i in 0 1 2 3 4 5 6 7 8 9 ; do
> time ldapsearch -H ldap://server.cise.ufl.edu -x > /dev/null &
> done
>
> My client machine is a solaris x86 box with a couple of 2.8GHz Xeon
> processors.
>
> My LDAP database has 8421 records. Here are some sample entries of
> ou=Users, ou=Groups, and ou=Netgroups:
>
> dn: uid=nobody,ou=Users,dc=test,dc=org
> cn: nobody
> sn: nobody
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: posixAccount
> gidNumber: 514
> uid: nobody
> uidNumber: 65534
> homeDirectory: /dev/null
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\server\nobody
> sambaHomeDrive: H:
> sambaProfilePath: \\server\profiles\nobody
> sambaSID: S-1-5-21-0000-0000-0000-501
> sambaPrimaryGroupSID: S-1-5-21-0000-0000-0000-514
> sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> sambaAcctFlags: [NU ]
> loginShell: /bin/false
>
> dn: cn=operator,ou=Groups,dc=test,dc=org
> objectClass: posixGroup
> objectClass: top
> objectClass: sambaGroupMapping
> cn: operator
> gidNumber: 10
> sambaSID: S-1-5-21-0000-0000-0000-200009
> sambaGroupType: 5
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: user4
> memberUid: user5
> memberUid: user6
> memberUid: user7
> memberUid: user8
> memberUid: user9
> memberUid: user10
>
> dn: cn=operator,ou=Netgroups,dc=test,dc=org
> objectClass: top
> objectClass: nisNetgroup
> cn: operator
> nisNetgroupTriple: (-,user1,domain)
> nisNetgroupTriple: (-,user2,domain)
> nisNetgroupTriple: (-,user3,domain)
> nisNetgroupTriple: (-,user4,domain)
> nisNetgroupTriple: (-,user5,domain)
> nisNetgroupTriple: (-,user6,domain)
> nisNetgroupTriple: (-,user7,domain)
> nisNetgroupTriple: (-,user8,domain)
> nisNetgroupTriple: (-,user9,domain)
> nisNetgroupTriple: (-,user10,domain)
>
> [ I did make a minor modification to the nis.schema. The PADL nss_ldap
> module had
> trouble querying the netgroups unless I changed the nisNetgroupTriple
> definition
> from
>
> attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
> DESC 'Netgroup triple'
> SYNTAX 1.3.6.1.1.1.0.0 )
>
> to
>
> attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
> EQUALITY caseExactIA5Match
> SUBSTR caseExactIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> ]
>
> Here's the slapd.conf I'm using:
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include
> /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/samba.schema
> include /usr/local/etc/openldap/schema/krb5-kdc.schema
>
> allow bind_v2
> allow bind_anon_cred
> allow bind_anon_dn
> allow update_anon
>
> pidfile /var/run/slapd.pid
> database bdb
> directory /var/ldap/db
> modulepath /usr/local/libexec/openldap
> lastmod on
> cachesize 100000
> sizelimit unlimited
> idlcachesize 300000
> threads 20
>
> suffix dc=test,dc=org
> rootdn cn=ldapadmin,dc=test,dc=org
> rootpw XXXXXXXXXXXXXX
>
> sasl_host server.cise.ufl.edu
> sasl_realm CISE.UFL.EDU
>
> index objectclass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
> index nisNetgroupTriple pres,sub,eq
> index memberNisNetgroup pres,eq,sub
> index krb5PrincipalName pres,eq
>
> TLSCACertificateFile /usr/local/lib/ssl/certs/-cacert.pem
> TLSCertificateKeyFile /usr/local/lib/ssl/certs/server.cise.ufl.edu-
> key.pem
> TLSCertificateFile /usr/local/lib/ssl/certs/server.cise.ufl.edu-
> cert.pem
>
> sasl-regexp
> "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
> "cn=ldapadmin,dc=test,dc=org"
>
> sasl-regexp
> "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
> "krb5PrincipalName=kadmin/admin@CISE.UFL.EDU"
>
> sasl-regexp
> "uid=(.+),cn=plain,cn=auth"
> "uid=$1,ou=Users,dc=test,dc=org"
>
> sasl-regexp
> "uid=(.+),cn=gssapi,cn=auth"
> "uid=$1,ou=Users,dc=test,dc=org"
>
> access to dn=""
> by * read
>
> access to dn.base=""
> by * read
>
> access to *
> by dn="cn=ldapadmin,dc=test,dc=org" write
> by self write
> by * read
> by anonymous auth
>
> access to attr=supportedSASLMechanisms,subschemaSubentry
> by anonymous read
> by * read
>
> Also, here's the DB_CONFIG:
>
> set_cachesize 0 104857600 1
> set_lg_regionmax 1048576
> set_lg_max 10485760
> set_lg_bsize 2097152
> set_flags DB_TXN_NOSYNC
>
> Note this is still a test server, so these are not necessarily the final
> forms of the slapd.conf/DB_CONFIG .
>
> My results with this setup are suprising. A run of the 10 ldapsearch
> requests at a time yield the following (20 server threads):
>
> Linux : 10 ldapsearches on (objectClass=*) : ~3:15
> Sol10x86 : 10 ldapsearches on (objectClass=*) : ~0:06.5
>
> So the queries that take over 3 minutes on Linux take less that 7 seconds
> on Solaris x86.
>
> Here are results for changing the number of threads:
>
> Linux:
>
> Threads Shortest Longest Average
> -------------------------------------------
> 8 2:07 3:19 2:34
> 4 1:18 3:19 2:14
> 2 (awful)
>
> To my suprise, Solaris showed the same kinds of improvements with fewer
> threads,
> bringing the shortest search time down to 2 1/2 seconds:
>
> Threads Shortest Longest Average
> -------------------------------------------
> 8 0:05.5 0:07 ~0:06
> 4 0:02.5 0:06.7 ~0:04.6
> 2 (didn't bother)
>
> Ultimately, I'm interested in finding out why the Linux results are so
> much poorer -- I'm relatively new to OpenLDAP and want to make sure I'm
> not making any elementary mistakes before we go live with the new setup,
> as it will be a Big Deal.
>
> Does anyone have any comments on this setup or these tests?
>
> Thanks,
>
> ----------------------------------------------------------------------
> | Jim Hranicky, Senior SysAdmin UF/CISE Department |
> | E314D CSE Building Phone (352) 392-1499 |
> | jfh@cise.ufl.edu http://www.cise.ufl.edu/~jfh |
> ----------------------------------------------------------------------