When I write LDIFs to one node like delete user or remove user from group, we see spikes in authentication latency metrics (what's normally .2 - .5 second response time goes up to 15-30 seconds) across all nodes in the cluster at the same time.
I ran mdb_copy -c to compact the LDAP databases. The size went from 2.9G to 140M and the latency problem during inserts went away. I've noticed the LDAP data.mdb is growing about 25M per day. What accounts for the growth of free pages?
Do you have a lot of large groups that you frequently update?
Yes we have several groups with ~40k users from which we frequently add/remove users based on upstream user provisioning workflows.
--On Friday, April 16, 2021 12:01 PM -0700 Zetan Drableg zetan.drableg@gmail.com wrote:
Do you have a lot of large groups that you frequently update?
Yes we have several groups with ~40k users from which we frequently add/remove users based on upstream user provisioning workflows.
Are you replacing the entire group when you do that, or only adding/deleting specific users?
Either way, for 2.4 you definitely want to use sortvals. Likely what you need is OpenLDAP 2.5's multival feature as well.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Quanah Gibson-Mount -
Zetan Drableg