Degradation performance and ldap block
Hi all,
I have an OpenLDAP authentication system structured as follows:
2 Dell Poweredge 1650
2 CPU 1.26Ghz
Disk SCSI3 10000 rpm
2G RAM
OS Redhat 7.3
File System XFS
OpenLDAP 2.1.22
Berkeley DB 4.1.25 + patch
These servers are in master-slave mode.
I have 600 accesses on average per hour, with a peak of 1200 accesses.
Every morning at 5:00, when nobody is accessing LDAP, I upgrade the LDAP on
the server:
- I drop some nodes and recreate the same nodes,
- I apply some modifications (some attributes have to be modified).
I use only the ldapadd, ldapdelete and ldapmodify commands.
All servers access the slave to authenticate. I have a problem with
performance degradation and LDAP blocking.
At the start the performance is very good, but over time I have a performance
degradation. After 5-7 days it is very, very slow and is not able to
authenticate, so I stop the slave and run slapindex, but it doesn't work and
I have to kill it (the first time I tried, after 18 min it had not terminated).
The solution after this is to copy the db from the master to the slave.
I have added a new index in slapd.conf, but nothing changed.
Below are the master and slave configurations:
#MASTER
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/finecocity.schema
include /usr/local/etc/openldap/schema/horde.schema
password-hash {MD5}
#allow tls_2_anon
allow bind_v2
disallow tls_authc
#TLSCertificateFile /usr/local/etc/openldap/nettuno.cert
#TLSCertificateKeyFile /usr/local/etc/openldap/nettuno.key
#TLSCACertificateFile /usr/local/etc/openldap/ca.cert
#This directive specifies the maximum number of entries to return from a search operation.
#Default value is 500
sizelimit 3000
#Time out after this time
idletimeout 8
schemacheck on
pidfile /var/slapd.pid
argsfile /var/slapd.args
loglevel 256 #error only
#readonly on
database bdb
suffix "dc=it"
rootdn "cn=manager,dc=it"
#echo "rootpwd `slappasswd -h {MD5}`" >> slapd.conf to generate it
rootpw *******************
directory /var/lib/ldap
#master ldap configuration
#set tls=yes
replogfile /var/lib/ldap/replica/slapd.replog
replica host=urano.finecocity.it
        tls=no
        binddn="cn=replica,dc=finecocity,dc=it"
        bindmethod=simple
        credentials=p4lom4bl4nc4
index uid,cn,mail,sn pres,eq,sub
index mailalternateaddress,mailforwardingaddress pres,eq
index objectClass pres,eq
index dnmember,rfc822member,manager,departmentnumber pres,eq
#made acl list for access
include /usr/local/etc/openldap/slapd.access
#SLAVE
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/finecocity.schema
include /usr/local/etc/openldap/schema/horde.schema
password-hash {MD5}
#allow tls_2_anon
allow bind_v2
disallow tls_authc
#TLSCertificateFile /usr/local/etc/openldap/nettuno.cert
#TLSCertificateKeyFile /usr/local/etc/openldap/nettuno.key
#TLSCACertificateFile /usr/local/etc/openldap/ca.cert
#This directive specifies the maximum number of entries to return from a search operation.
#Default value is 500
sizelimit 3000
#Time out after this time
idletimeout 8
schemacheck on
pidfile /var/slapd.pid
argsfile /var/slapd.args
#loglevel 256 #error only
loglevel 8 #error only
database bdb
suffix "dc=it"
rootdn "cn=manager,dc=it"
#echo "rootpwd `slappasswd -h {MD5}`" >> slapd.conf to generate it
rootpw {SSHA}+IdFmrTxkajl4yCVmYSCIVXm1Tosxoa3
directory /var/lib/ldap
updatedn "cn=replica,dc=finecocity,dc=it"
updateref ldap://nettuno..finecocity.it:389
index uid,cn,mail,sn pres,eq,sub
index mailalternateaddress,mailforwardingaddress pres,eq
index objectClass pres,eq
index dnmember,rfc822member,manager,departmentnumber pres,eq
#made acl list for access
include /usr/local/etc/openldap/slapd.access
Any ideas on how to resolve the problem?
Maurizio