Hello everybody,
My Name is Andi and I come from Germany. I am very new in LDAP and worked with it the last half year. It is very interesting to work with LDAP but I still have some questions and maybe (hopefully) you can help me.
Information to my case: My environment is relativ big. I have 2 LDAP Masters and 8 LDAP Slaves. I configured both Masters with the Master-Master Syncreplication. Also all Slaves sync with the Master 1. The second Master is only Backup. I build a really big database (~1.000.000 entrys) to see how LDAP handle this. Now my questions:
1. I want to know how LDAP works innside. If I tell LDAP which attributes to index, what does LDAP do? When does LDAP index the attributes and how much time/performance cost that? What is the LDAP indexing Process?
2. A very strange behaviour occurs after on a given time. The CPU Load increase dramatically and I do not know why. Is it indexing or the Master Master configuration? What else can generate this CPU Problem?
3. The last point is about LDAP Security. The normal backup way is to use slapcat and slapadd. Is it possible to simply copy the whole database for a correct working backup. So if LDAP Master break down I simply copy the backuped database to the LDAP directory and everyting works? I tested it before and at the first time it looks good but If I want to search an entry with some filter rules (e.g. uid=abc) it doesn't bring any entrys although the entry exists. If I do not use filter, it works correctly. What can be the problem here?
Hopefully you experts can help me here because I invested so much time in this and I did not find any way to do it. Thank you and have a great day.
Andi
On Mon, Jan 12, 2009 at 03:36:07PM +0000, Andi Gorhan wrote:
My environment is relativ big. I have 2 LDAP Masters and 8 LDAP Slaves. I configured both Masters with the Master-Master Syncreplication. Also all Slaves sync with the Master 1. The second Master is only Backup. I build a really big database (~1.000.000 entrys) to see how LDAP handle this. Now my questions:
- I want to know how LDAP works innside. If I tell LDAP which attributes to index, what does LDAP do?
When does LDAP index the attributes and how much time/performance cost that? What is the LDAP indexing Process?
If you added the index to the config before loading the data then the indexing is done as each entry is loaded.
If you added the index after loading the data then it depends on how your server is configured: you will probably have to stop slapd and run slapindex to build the indexes.
Indexing 1M entries is likely to take time. If you post the server config and an example entry then maybe someone on the list can compare it to their own setup. Disk speed and amount of RAM will have a big effect, and so will the way you set database tuning parameters.
- A very strange behaviour occurs after on a given time. The CPU Load increase dramatically and I do not know why.
Is it indexing or the Master Master configuration? What else can generate this CPU Problem?
You need to post more details: SLAPD config files and DB_CONFIG at least.
- The last point is about LDAP Security. The normal backup way is to use slapcat and slapadd. Is it possible to
simply copy the whole database for a correct working backup. So if LDAP Master break down I simply copy the backuped database to the LDAP directory and everyting works? I tested it before and at the first time it looks good but If I want to search an entry with some filter rules (e.g. uid=abc) it doesn't bring any entrys although the entry exists. If I do not use filter, it works correctly. What can be the problem here?
You cannot just copy the files of a running database. You must either shut down slapd before starting the backup, or you must follow the Berkeley DB backup instructions. In either case I would advise keeping a slapcat backup as well.
Andrew
openldap-software@openldap.org