My olcDB values are listed below (minus the olcDbConfig entries). I'm not sure if you need the indexes but I've left them in anyway:
olcDbDirectory: /usr/local/authz/var/openldap-data/authorise olcAddContentAcl: FALSE olcDbCacheFree: 1 olcDbCacheSize: 400000 olcDbCheckpoint: 10240 10
olcDbDirtyRead: FALSE olcDbDNcacheSize: 0 olcDbIDLcacheSize: 1200000 olcDbIndex: autoMountKey eq olcDbIndex: cn pres,eq,sub olcDbIndex: eduniCategory eq olcDbIndex: eduniCollegeCode eq olcDbIndex: eduniIdmsId pres,eq olcDbIndex: eduniIDStatus eq olcDbIndex: eduniLibraryBarcode pres,eq olcDbIndex: eduniOrganisation pres,eq,sub olcDbIndex: eduniOrgCode eq olcDbIndex: eduniSchoolCode eq olcDbIndex: eduniServiceCode pres,eq olcDbIndex: eduniType eq olcDbIndex: eduniUnitCode eq olcDbIndex: eduPersonAffiliation pres,eq olcDbIndex: eduPersonEntitlement pres,eq olcDbIndex: eduPersonPrimaryAffiliation eq olcDbIndex: eduPersonPrincipalName eq olcDbIndex: eduPersonScopedAffiliation pres,eq olcDbIndex: eduPersonTargetedID eq olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq olcDbIndex: gecos pres,eq,sub olcDbIndex: gidNumber pres,eq olcDbIndex: krbName pres,eq olcDbIndex: mail pres,eq,sub olcDbIndex: memberOf pres,eq olcDbIndex: memberUid eq olcDbIndex: objectClass eq olcDbIndex: sn pres,eq,sub olcDbIndex: uid pres,eq,sub olcDbIndex: uidNumber pres,eq olcDbIndex: uniqueMember pres,eq olcDbIndex: userPassword eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbNoSync: FALSE olcDbSearchStack: 16 olcDbShmKey: 0
and my DB_CONFIG file contains:
set_cachesize 4 0 1 set_flags DB_LOG_AUTOREMOVE set_lk_max_objects 5000 set_lk_max_lockers 5000 set_lg_regionmax 41943040 set_lg_dir /usr/local/authz/slapd/trans-logs set_lk_max_locks 10000 set_lg_bsize 20971520 set_lg_max 83886080
I'm not using an SHM key (should I be?).
The search that I spotted this behaviour probably means nothing outside our environment as it's against a value in our local schema but for completeness it was:
(&(eduniCategory=201)(objectclass=inetorgperson))
I've seen the same behaviour with similar searches which we would expect to return a large number of results e.g. (&(eduPersonAffiliation=student)(objectclass=inetorgperson)) or indeed against groups with a lot of members.
You may wish to read over https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning. You can easily map the information there to a non-zimbra installation.
Thanks- your documentation on the DB tuning and SHM key is excellent. I can see a couple of things which I might change based on it but I'll wait to hear back before I jump in and start playing around with parameters.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
/****************************
Mark R Cairney ITI UNIX Section Information Services
Tel: 0131 650 6565 Email: Mark.Cairney@ed.ac.uk
****************************/