File: README.TuningLDAP

package info (click to toggle)
gforge 4.5.14-22etch13
  • links: PTS
  • area: main
  • in suites: etch
  • size: 13,004 kB
  • ctags: 11,918
  • sloc: php: 36,047; sql: 29,050; sh: 10,538; perl: 6,496; xml: 3,810; makefile: 341; python: 263; ansic: 256
file content (61 lines) | stat: -rw-r--r-- 2,110 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
I paste here the interesting post of Lars Ehrhardt & Waldemar Brodkorb
about tuning LDAP

==============================================================
http://gforge.org/forum/message.php?msg_id=4435
By: lehrhardt

Hi,

we would like to share some hints regarding the improvement of OpenLDAP performance
on slow systems. Our GForge system is running on an Ultra Sparc 5 with 512 MB
RAM and 333 MHz.

Some of our users complained about slow cvs checkout and cvs handling with eclipse.
After some hours of debugging we have found a solution to this problem.

The main reason for the slow response is that if an application is trying to
resolve in which groups a user is, the complete directory tree is searched for
all uniqueMember and memberUID  matches. This is the default behavior of the
libnss-ldap package in Debian and it does take some time on slow systems.

Our solution was to recompile the libnss-ldap library without the 
configure option --enable-rfc2307bis.
In addition to that we installed nscd and created the following indeces:

index   objectClass             eq
index   cn,uid                  pres,eq
index   uidNumber,gidNumber     pres,eq
index   userPassword,memberUid  pres,eq
index   homeDirectory,gecos     pres,eq
index   loginShell              pres,eq

Hope this helps to improve performance - it certainly did on our system.

Kind regards
Lars Ehrhardt & Waldemar Brodkorb

______________________________________________________________________
Read and respond to this message at: 
http://gforge.org/forum/message.php?msg_id=4435
==============================================================

I would add some more instruction
When you add the indexes in /etc/ldap/slapd.conf
I was told it's much better to stop ldap
/etc/init.d/slapd stop
Then you run 
slapindex
restart ldap
/etc/init.d/slapd start 

On a debian box you can see the improvement doing 
ls /var/lib/gforge/chroot/home/users
If you have a properly configured libnss-ldap of course

Some more improvement can be done installing nscd the Name Service Cache Daemon
apt-get install nscd on debian.

Christian Bayle