On 14/07/17 20:57, Josh Catana wrote:
> Thank you both for the advice. I appreciate it.
> It seems like indexing aliasedObjectName helped, but I also put a problem system on its own replica. Load from slapd seemed to drop from 1500% down to a normal level, <50%.

Nice replica :-) I don't see how indexing aliasedObjectName could help.

> Instead of having separate copies of each user in separate branches, we just have a master branch and alias the users into the branches for systems they are allowed access into. It seemed like an efficient way to do things. We'd only have to update a single object if the user ever had any change. Otherwise we'd have to maintain a copy of each user object in each instance they belonged to.
> Maybe I'll have to rethink our architecture. Any recommendations?

If you have a deep structure with something like uid=username,ou=foo,ou=bar,ou=baz,dc=example,dc=com switch to a flat uid=username,cn=people,dc=example,dc=com where each person has a membership attribute or something similar which says where he belongs. See e.g. attribute eduPersonOrgUnitDN in the eduPerson schema: http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602....
If that's not feasible, go with data duplication: Keep a single "master" copy of each user somewhere - in an LDAP server or somewhere else - and generate his other LDAP entries from that.
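
The flat layout suggested above, as an added example that is not part of the original thread or any poster's code: it collapses per-branch user DNs into one membership list per uid, emits LDIF that records each branch in eduPersonOrgUnitDN on the flat entry, and builds the search filter a system would use in place of its alias branch. It goes slightly beyond the reply by escaping the login name in that filter. Assumptions: the function names are hypothetical, the sample DNs are constructed, and the flat entries already exist under cn=people and carry the eduPerson auxiliary object class.

```python
import re

FLAT_BASE = "cn=people,dc=example,dc=com"  # flat container named in the reply

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes only)."""
    return [r.strip() for r in re.findall(r"(?:\\.|[^,\\])+", dn)]

def flatten(deep_dns):
    """Collapse per-branch user DNs into {uid: set(branch DNs)}."""
    people = {}
    for dn in deep_dns:
        first, *rest = split_dn(dn) or [""]
        attr, _, uid = first.partition("=")
        if attr.strip().lower() == "uid" and rest:  # skip non-user entries
            people.setdefault(uid.strip().lower(), set()).add(",".join(rest))
    return people

def membership_ldif(people):
    """LDIF modify records adding each branch DN to the single flat entry."""
    out = []
    for uid in sorted(people):
        out += [f"dn: uid={uid},{FLAT_BASE}", "changetype: modify",
                "add: eduPersonOrgUnitDN"]
        out += [f"eduPersonOrgUnitDN: {b}" for b in sorted(people[uid])]
        out += ["-", ""]
    return "\n".join(out)

def escape_filter(value):
    """RFC 4515 escaping so a supplied login name cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def access_filter(uid, branch_dn):
    """Filter a system can use instead of searching its own alias branch."""
    return (f"(&(uid={escape_filter(uid)})"
            f"(eduPersonOrgUnitDN={escape_filter(branch_dn)}))")

# Constructed sample: two alias locations for alice, one for bob.
SAMPLE = ["uid=alice,ou=foo,ou=bar,ou=baz,dc=example,dc=com",
          "uid=alice,ou=qux,dc=example,dc=com",
          "uid=bob,ou=foo,ou=bar,ou=baz,dc=example,dc=com"]

if __name__ == "__main__":
    print(membership_ldif(flatten(SAMPLE)))
    print(access_filter("alice", "ou=foo,ou=bar,ou=baz,dc=example,dc=com"))
```

With this layout each system searches the one flat container with an ordinary filter, so no alias dereferencing is involved in the lookup.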