Hello,
Here at UCI we have just deployed syncrepl to replicate our LDAP
directory. Unfortunately, we use an old directory structure (PH/QI)
for our master database, and ldap gets updates from that system in
batch. The batch process updates our master LDAP server, and
syncrepl is used to push the changes out to all the other LDAP
servers. This causes somewhere around 100 to 1000 entries to be
updated all at once (out of 80k + entries in the LDAP directory).
The problem we are experiencing is that when a syncrepl slave
receives a bunch of updates, queries to these slaves slow down
tremendously. We are talking going from a sub second query time for
a single LDAP entry, to, in some cases, over 20 seconds response time
for simple queries. This is causing all sorts of problems for us.
One thing to note: the master does basically the same updates, but
through an normal ldap client, rather than through syncrepl -- and it
does not experience this slowness.
We are using BDB, Openldap ver. 2.3.28 and our syncrepl entry looks
something like this:
syncrepl rid=11
provider=ldap://ldap3.nac.uci.edu:389
type=refreshAndPersist
interval=0:00:00:05
searchbase="OU=University of California Irvine,
O=University of
California, C=US"
filter="(objectClass=*)"
scope=sub
schemachecking=off
sizelimit=0
timelimit=0
updatedn="cn=root,OU=University of California
Irvine, O=Universi
ty of California, C=US"
bindmethod=simple
binddn="uid=nsp,OU=University of California Irvine,
O=University
of California, C=US"
credentials="REMOVED"
starttls=yes
retry=1,2,3,4,5,+
Any help would be appreciated,
-Paul Main
Network and Academic Computing Services
University of California, Irvine