Set your kernel parameters like this:
net.core.somaxconn = 100000 net.core.netdev_max_backlog = 100000 net.ipv4.tcp_keepalive_time = 300 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_max_syn_backlog = 100000 net.ipv4.tcp_slow_start_after_idle = 0 net.ipv4.tcp_tw_recycle = 1 net.netfilter.nf_conntrack_tcp_timeout_established = 600
Set your slapd.config like this:
dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/run/openldap/slapd.args olcPidFile: /var/run/openldap/slapd.pid olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 100000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcSizeLimit: -1 olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcListenerThreads: 4 olcLogLevel: 0 olcThreads: 32
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
include: file:///etc/openldap/schema/core.ldif include: file:///etc/openldap/schema/cosine.ldif include: file:///etc/openldap/schema/inetorgperson.ldif include: file:///etc/openldap/schema/openldap.ldif
dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend olcPasswordHash: {SSHA} olcAccess: {0}to * by sockurl=ldapi:/// read by * break olcAccess: {1}to * by * none
dn: olcDatabase=monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: monitor olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcSyncUseSubentry: FALSE olcMonitoring: FALSE
dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: mdb olcAccess: {0}to * by anonymous auth by * break olcAccess: {1}to * by * none olcSuffix: dc=foo,dc=bar olcDbDirectory: /usr/local/ldap/var/openldap-data olcDbIndex: objectClass eq olcDbIndex: cn,sn,uid pres,eq,approx,sub olcDbIndex: gidNumber eq olcDbIndex: givenName eq olcDbIndex: mail eq olcDbIndex: member eq olcDbIndex: uidNumber eq OlcDbMaxSize: 107374182400 olcDbEnvFlags: writemap olcDbEnvFlags: nometasync olcDbNoSync: FALSE olcRootDN: cn=Manager,dc=foo,dc=bar olcRootPW: secret
That will ramp your binds per second up to something better than you have now..
On Fri, Nov 3, 2017 at 6:02 PM, Tim tim@yetanother.net wrote:
No.. unfortunately not... :)
I was/am grasping at straws a little bit currently and just tweaking things one setting at a time to see if I can see any difference - admittedly, increasing threads has not improved the situation at all.
-- Tim
On Fri, Nov 3, 2017 at 3:44 PM, Quanah Gibson-Mount quanah@symas.com wrote:
--On Friday, November 03, 2017 1:11 PM +0000 Tim tim@yetanother.net wrote:
olcThreads: 512
You have 128 cores on your box? More threads != better performance. In fact, it will cause significant problems if it is set beyond what your system can handle.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
-- Tim tim@yetanother.net