
Degradation performance and ldap block



Hi all,
I have an OpenLDAP authentication system structured as follows:

2 Dell PowerEdge 1650
2 CPU 1.26GHz
Disk SCSI3 10000 rpm
2G RAM
OS Redhat 7.3
File System XFS
OpenLDAP 2.1.22
Berkeley DB 4.1.25 + patch

These servers are in master-slave mode.
I have 600 accesses per hour on average, with a peak of 1200 accesses.
Every morning at 5:00, when nobody accesses LDAP, I update the LDAP on the
server:
- I drop some nodes and I recreate the same nodes,
- I apply some modifications (some attributes have to be modified)
I use only the ldapadd, ldapdelete and ldapmodify commands.
All servers access the slave to authenticate, and I have a problem with
performance degradation and LDAP blocking.
At the start the performance is very good, but over time I have a performance
degradation. After 5-7 days it is very, very slow and it is not able to
authenticate, so I stop the slave and run slapindex, but it doesn't work and
I have to kill it (the first time that I tried, after 18 min it had not
terminated).
The solution after this is to copy the db from master to slave.
I have added new indexes in slapd.conf, but nothing changed.

Below are the master and slave configurations.

#MASTER
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/qmail.schema
include         /usr/local/etc/openldap/schema/finecocity.schema
include         /usr/local/etc/openldap/schema/horde.schema

password-hash   {MD5}

#allow tls_2_anon
allow bind_v2
disallow tls_authc
#TLSCertificateFile      /usr/local/etc/openldap/nettuno.cert
#TLSCertificateKeyFile   /usr/local/etc/openldap/nettuno.key
#TLSCACertificateFile    /usr/local/etc/openldap/ca.cert

#This directive specifies the maximum number of entries to return from a search operation.
#Default value is 500
sizelimit 3000

#Time out after this time
idletimeout 8

schemacheck     on
pidfile         /var/slapd.pid
argsfile        /var/slapd.args
loglevel        256 #error only

#readonly on
database bdb
suffix  "dc=it"
rootdn  "cn=manager,dc=it"
#echo "rootpwd `slappasswd -h {MD5}`" >> slapd.conf to generate it
rootpw *******************

directory /var/lib/ldap

#master ldap configuration
#set tls=yes
replogfile /var/lib/ldap/replica/slapd.replog
replica host=urano.finecocity.it
        tls=no
        binddn="cn=replica,dc=finecocity,dc=it"
        bindmethod=simple
        credentials=p4lom4bl4nc4

index uid,cn,mail,sn                                            pres,eq,sub
index mailalternateaddress,mailforwardingaddress                pres,eq
index objectClass                                               pres,eq
index dnmember,rfc822member,manager,departmentnumber            pres,eq
#made acl list for access
include /usr/local/etc/openldap/slapd.access


#SLAVE
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/qmail.schema
include         /usr/local/etc/openldap/schema/finecocity.schema
include         /usr/local/etc/openldap/schema/horde.schema

password-hash   {MD5}

#allow tls_2_anon
allow bind_v2
disallow tls_authc
#TLSCertificateFile      /usr/local/etc/openldap/nettuno.cert
#TLSCertificateKeyFile   /usr/local/etc/openldap/nettuno.key
#TLSCACertificateFile    /usr/local/etc/openldap/ca.cert

#This directive specifies the maximum number of entries to return from a search operation.
#Default value is 500
sizelimit 3000
#Time out after this time
idletimeout 8

schemacheck     on
pidfile         /var/slapd.pid
argsfile        /var/slapd.args
#loglevel        256 #error only
loglevel        8 #error only

database bdb
suffix  "dc=it"
rootdn  "cn=manager,dc=it"
#echo "rootpwd `slappasswd -h {MD5}`" >> slapd.conf to generate it
rootpw {SSHA}+IdFmrTxkajl4yCVmYSCIVXm1Tosxoa3

directory /var/lib/ldap

updatedn "cn=replica,dc=finecocity,dc=it"
updateref ldap://nettuno..finecocity.it:389

index uid,cn,mail,sn                                            pres,eq,sub
index mailalternateaddress,mailforwardingaddress                pres,eq
index objectClass                                               pres,eq
index dnmember,rfc822member,manager,departmentnumber            pres,eq

#made acl list for access
include /usr/local/etc/openldap/slapd.access

Any ideas on how to resolve the problem?
Maurizio