I've a tiny ldap service (only 6000 records) vith openldap 2.3.x rhel5.x master/slave; The first query takes me over 4 seconds (instead of taking less than 0.1.seconds): time ldapsearch -x -b "c=it" -s sub "(o=*)" -D "cn=Manager,dc=sir" -h www.example.com -w mypasswd The same query using one level takes only 0.4 seconds time ldapsearch -x -b "c=it" -s one "(o=*)" -D "cn=Manager,dc=sir" -h www.example.com -w mypasswd
I've tested the following: New brand system with openldap 2.4.x rhel6.x mirror mode: both queries take me less than 0.2 seconds New brand system with the same releases, 2.3.x rhel5.x: both queries take me less than 0.2 seconds
The problem should be in the prod. system: I've tried almost all: reindexing operations, better indexing options, more cache, better threads tuning, more cpu and ram to the servers ... nothing to do: the first quey takes more than 4 seconds.
The last operation was a "disaster recovery" of the prod. ldap: 1 stop ldap on both systems 2 slapcat to save the last good ldif 3 remove of all databases (rm -fr /var/lib/ldap/*) on both systems 4 recreate dirs, DB_CONFIG and restore ldif; restore permissions 5 start ldap service on both servers
And magically, the issue has gone! Now first query, yes the "bad" query with the subtree options, works like a charm, giving me the results in less than 0.1 seconds ....
Which could be the root cause? DB defragmentation? I was unable to find the root cause. PLS, help me to find some suggestions.
Regards Michele Masè
Anyone???????
---------- Forwarded message ---------- From: Michele Mase' michele.mase@gmail.com Date: Sun, May 6, 2012 at 2:33 PM Subject: Root cause: Strange OpenLdap performace issue To: openldap-technical@openldap.org
I've a tiny ldap service (only 6000 records) vith openldap 2.3.x rhel5.x master/slave; The first query takes me over 4 seconds (instead of taking less than 0.1.seconds): time ldapsearch -x -b "c=it" -s sub "(o=*)" -D "cn=Manager,dc=sir" -h www.example.com -w mypasswd The same query using one level takes only 0.4 seconds time ldapsearch -x -b "c=it" -s one "(o=*)" -D "cn=Manager,dc=sir" -h www.example.com -w mypasswd
I've tested the following: New brand system with openldap 2.4.x rhel6.x mirror mode: both queries take me less than 0.2 seconds New brand system with the same releases, 2.3.x rhel5.x: both queries take me less than 0.2 seconds
The problem should be in the prod. system: I've tried almost all: reindexing operations, better indexing options, more cache, better threads tuning, more cpu and ram to the servers ... nothing to do: the first quey takes more than 4 seconds.
The last operation was a "disaster recovery" of the prod. ldap: 1 stop ldap on both systems 2 slapcat to save the last good ldif 3 remove of all databases (rm -fr /var/lib/ldap/*) on both systems 4 recreate dirs, DB_CONFIG and restore ldif; restore permissions 5 start ldap service on both servers
And magically, the issue has gone! Now first query, yes the "bad" query with the subtree options, works like a charm, giving me the results in less than 0.1 seconds ....
Which could be the root cause? DB defragmentation? I was unable to find the root cause. PLS, help me to find some suggestions.
Regards Michele Masè
--On Tuesday, May 15, 2012 2:55 PM +0200 Michele Mase' michele.mase@gmail.com wrote:
Anyone???????
OpenLDAP 2.3 has not been supported for several years. Since it stopped development, there have been hundreds, if not over a thousand, bug fixes and improvements. Furthermore, I'm going to guess that you are running RH's build of OpenLDAP 2.3, which was even further behind than the last release of OpenLDAP 2.3. Given the information you provided, I would guess that there is some bug in the version of BDB that OpenLDAP was linked to that caused the error. I would note that at one point RH was linking OpenLDAP against BDB version 4.3, despite the fact OpenLDAP's configure script explicitly disabled such linking because BDB 4.3 was known to have serious issues. If your 2.3 OpenLDAP is linked to BDB 4.3 that could well be the cause of your issue.
Beyond that, trying to investigate any further is a waste of everyone's time. Upgrade to a modern supported version of OpenLDAP, and build your own packages, don't rely on distribution packages.
http://www.openldap.org/faq/data/cache/1456.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org