Hi All -
We are currently attempting to migrate from a commercial LDAP server to OpenLDAP. Luckily our data is pretty standard, and the migration itself will be simple. I am having issues with our groups that programatically have large numbers of adds and deletes done to its member list. This transaction happens when a user logs into our website (the login mechanism compares their current groups with what they should have (from an external DB query) and makes the necessary adjustments). Other applications then use these groups for permissions.
We are using the basic uniquemember within a groupOfUniqueNames. Uniquemember is indexed with equality. When the groups are small, performance is quite good - but once the groups begin growing, the adds and deletes of the members really starts suffering ( greater than 2 - 3 seconds per person). The reads still seem good. On our existing LDAP store, we see response times of less than a second for this same transaction. We have about 175 groups, that range in size from 10 members to 50,000 members. Most of the groups are around 1,000 members. I can go into more detail of the exact sizes if needed.
I have a very basic configuration right now for testing. I've messed around with different transaction log settings, different caching settings and even played with DB_TXN_NOSYNC. DB_TXN_NOSYNC definitely helped, but its still not great. Can anyone recommend any settings that might help me improve the performance?
Thanks in advance!
My environment and settings: HP blade server, 8 cores @ 2.67Ghz, Redhat 5.3, OpenLDAP 2.4.25, Berkeley 5.1.25:
###### slapd.conf include /mypath/etc/openldap/schema/core.schema pidfile /mypath/var/run/slapd.pid argsfile /mypath/var/run/slapd.args access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to * by self write by users read by anonymous auth database bdb suffix "dc=my,dc=domain,dc=com" rootdn "cn=Manager,dc=my,dc=domain,dc=com" cachesize 500000 rootpw my_pass directory /mypath/var/openldap-data index objectClass eq index uniquemember eq index cn pres,eq,sub
###### DB_CONFIG
set_cachesize 2 0 1 set_flags DB_TXN_NOSYNC set_lg_bsize 5097152 set_lg_max 50485760
--On Tuesday, April 05, 2011 10:48 AM -0400 Al afrunning@gmail.com wrote:
My environment and settings: HP blade server, 8 cores @ 2.67Ghz, Redhat 5.3, OpenLDAP 2.4.25, Berkeley 5.1.25:
cachesize 500000
###### DB_CONFIG
set_cachesize 2 0 1 set_flags DB_TXN_NOSYNC set_lg_bsize 5097152 set_lg_max 50485760
You never state the size of your database (how many dns), or the disk size of your database (du -c -h *.bdb), so there is no way to tell if these settings are in any way valid.
I don't see a checkpoint setting for slapd.conf/cn=config, and I don't see an idlcachesize setting.
Also, you are definitely not using "dynamic" groups in the OpenLDAP sense of the word, although they would probably perform significantly better for you.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Al -
Quanah Gibson-Mount