Folks,
I'm using OpenLDAP under HPUX 11iv3 and am seeing inconsistent query response.
Environment details: Host: HP rx6600 Processor: 2 x 2-core IA64 OS: HPUX 11iv3 March 2008 Data Center Environment OpenLDAP: 2.4.10
Prerequisite software: db 4.6.21 gdbm 1.8.3 gettext 0.17 libiconv 1.12 openssl A.09.08g.001 (HP distribution) perl D.5.8.8.B (HP distribution)
Database: Backend bdb DN entries 870 CN entries 7807
DB_CONFIG contents: set_flags db_auto_commit set_flags db_log_autoremove set_lg_dir /var/adm/ldap/dvesv
slapd.conf contents: include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /descl/dvesv2/openldap/etc/qgov.schema
pidfile /descl/dvesv2/openldap/var/dvesv2-slapd.pid argsfile /descl/dvesv2/openldap/var/dvesv2-slapd.args
sizelimit 100000 loglevel 3311 threads 16
database bdb lastmod on
suffix "o=QLDGOV, c=au" rootdn "cn=manager, o=QLDGOV, c=au" directory /descl/dvesv2/openldap/bdb rootpw secret
index objectClass,uniqueIdentifier eq index cn,sn,givenName,uid,title,displayName eq,sub
access to attrs=userPassword by * auth access to dn.regex="(.+,)?ou=users,o=QLDGOV,c=au" by * auth access to dn.subtree="ou=Department of Emergency Services,o=QLDGOV,c=au" by anonymous none by dn.exact="cn=wl_ph_user,ou=users,o=QLDGOV,c=au" write by dn.regex=".+,ou=users,o=QLDGOV,c=au" write
After building the database and starting the daemon, I used the following ldapsearch command to query the database (on the local host, so no remote network connection is involved):
ldapsearch -v -D cn=manager,o=QLDGOV,c=au -x -w secret -H ldap://10.2.84.11:5021 -b o=QLDGOV,c=au -z 0 '(cn=Hall)'
There were 22 responses.
Now: 1) There are no other users operating on the database. 2) The database contents are static (but slapd is not operating in read-only mode). 3) I tested access automatically with a loop of the form
i=1; while (( i <= 10 )) do timex ldapsearch ... | grep ^real let 'i += 1' sleep 5 done
(i.e. I used timex(1) to report the real time response).
50.43, 17.41, 41.92, 19.16, 2.46, 27.63, 33.90, 0.15, 13.56, 34.11
Yet, after applying tusc -o /dev/null {slapd_pid}, the retrieval times immediately became
1.18, 0.40, 0.51, 0.40, 0.60, 0.40, 0.40, 0.40, 0.39, 0.38
Not only better, but uniformly better. Moreover, a similar (but to a lesser degree) effect was seen if I enabled LDAP debugging.
Any ideas on how to resolve this would be much appreciated.
Thanks.
Howard Bryden, UNIX Administrator, Qld. Govt. Dept. of Emergency Services, Tel. 07 3109 5087
------------------------------------------------------------------------ ---------------------------------- Rocket J. Squirrel: "... we're going to have to think!" Bullwinkle J. Moose: "There must be an easier way than that."
This correspondence is for the named persons only. It may contain confidential or privileged information or both. No confidentiality or privilege is waived or lost by any mis transmission. If you receive this correspondence in error please delete it from your system immediately and notify the sender. You must not disclose, copy or relay on any part of this correspondence, if you are not the intended recipient. Any opinions expressed in this message are those of the individual sender except where the sender expressly, and with the authority, states them to be the opinions of the Department of Emergency Services, Queensland.
Hi,
"Howard Bryden" hdbryden@emergency.qld.gov.au writes:
Folks,
I'm using OpenLDAP under HPUX 11iv3 and am seeing inconsistent query response
I'm not familiar with HPUX, but the following recommendations apply to any OS:
DB_CONFIG contents: set_flags db_auto_commit set_flags db_log_autoremove set_lg_dir /var/adm/ldap/dvesv
Add a set_cachesize <value> to DB_CONFIG
slapd.conf contents: include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /descl/dvesv2/openldap/etc/qgov.schema
pidfile /descl/dvesv2/openldap/var/dvesv2-slapd.pid argsfile /descl/dvesv2/openldap/var/dvesv2-slapd.args
sizelimit 100000 loglevel 3311
set loglevel 0
access to dn.regex="(.+,)?ou=users,o=QLDGOV,c=au" by * auth access to dn.subtree="ou=Department of Emergency Services,o=QLDGOV,c=au" by anonymous none by dn.exact="cn=wl_ph_user,ou=users,o=QLDGOV,c=au" write by dn.regex=".+,ou=users,o=QLDGOV,c=au" write
This access rule would not work as expected
[...]
Any ideas on how to resolve this would be much appreciated.
-Dieter
Howard Bryden wrote:
Folks,
I'm using OpenLDAP under HPUX 11iv3 and am seeing inconsistent query response.
Environment details: Host: HP rx6600 Processor: 2 x 2-core IA64 OS: HPUX 11iv3 March 2008 Data Center Environment OpenLDAP: 2.4.10
Prerequisite software: *db* 4.6.21 *gdbm* 1.8.3 *gettext* 0.17 *libiconv* 1.12 *openssl* A.09.08g.001 (HP distribution) *perl* D.5.8.8.B (HP distribution)
Database: Backend* bdb* DN entries 870 CN entries 7807
*DB_CONFIG* contents: set_flags db_auto_commit set_flags db_log_autoremove set_lg_dir /var/adm/ldap/dvesv
*slapd.conf* contents: include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /descl/dvesv2/openldap/etc/qgov.schema
pidfile /descl/dvesv2/openldap/var/dvesv2-slapd.pid argsfile /descl/dvesv2/openldap/var/dvesv2-slapd.args
sizelimit 100000 loglevel 3311 threads 16
database bdb lastmod on
Here, in yours database definitions, put it:
cachesize 10000 checkpoint 128 5
openldap-software@openldap.org
-
Dieter Kluenter -
Howard Bryden -
Jeronimo Zucco