[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Why slapd use so many system resource?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wang Penghui wrote:
| Hi all:
|
| I have a ldapserver which hosts about one hundred entries, everything
| works well until yesterday. I found that it could not be access by ldap
| client such as phpldapadmin. I checked the LDAP server status with some
| tools such as "top" and "ps aux | grep slapd"  and found that LDAP
| server has use almost all the system resources.
| Here is the result:
| #ps aux | grep slapd
|
| ldap      6973  0.0  0.5 175892 5264 ?       S    17:52   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      6975  0.0  0.5 175892 5264 ?       S    17:52   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      6976  0.0  0.5 175892 5264 ?       S    17:52   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7021 99.9  0.5 175892 5264 ?       R    17:53 209:36
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7069  0.0  0.5 175892 5264 ?       S    17:55   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7235  0.0  0.5 175892 5264 ?       S    17:59   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7252  0.0  0.5 175892 5264 ?       S    18:00   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7282  0.0  0.5 175892 5264 ?       S    18:01   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7299  0.0  0.5 175892 5264 ?       S    18:01   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      7429  0.0  0.5 175892 5264 ?       S    18:05   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap      9811  0.0  0.5 175892 5264 ?       S    20:15   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10237  0.0  0.5 175892 5264 ?       S    20:37   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10249  0.0  0.5 175892 5264 ?       S    20:38   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10424  0.0  0.5 175892 5264 ?       S    20:47   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10477  0.0  0.5 175892 5264 ?       S    20:49   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10478  0.0  0.5 175892 5264 ?       S    20:49   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10502  0.0  0.5 175892 5264 ?       S    20:50   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10523  0.0  0.5 175892 5264 ?       S    20:51   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap     10599  0.0  0.5 175892 5264 ?       S    20:57   0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| hartt    11105  0.0  0.0  1500  516 pts/1    S    21:22   0:00 grep slapd
|
| When i stop the slapd daemon, i found that all the process still in "ps
| aux".
| I have to kill all the process manually.
|
| After restart, the condition will appear again.
|
| Here is my configuration files slapd.conf
| ========Slapd.conf==========
| include         /etc/openldap/schema/core.schema
| include         /etc/openldap/schema/corba.schema
| include         /etc/openldap/schema/cosine.schema
| include         /etc/openldap/schema/inetorgperson.schema
| include         /etc/openldap/schema/java.schema
| include         /etc/openldap/schema/misc.schema
| include         /etc/openldap/schema/nis.schema
| include         /etc/openldap/schema/openldap.schema
| include         /etc/openldap/schema/qmail.schema
| include         /etc/openldap/schema/phpgwcontact.schema
| include         /etc/openldap/schema/phpgwaccount.schema
| pidfile         /var/run/openldap/slapd.pid
| argsfile        /var/run/openldap/slapd.args
|
| database        bdb
| suffix          "dc=xxx,dc=com"
| rootdn          "cn=Manager,dc=xxx,dc=com"
| rootpw          password
| directory       /var/lib/openldap-data
| index   objectClass     eq
|
| Any mistake?
|
| My version is openldap-2.1.26.
|

You don't really give enough information here. I could think of
scenarios where this would be normal behaviour, but it does look as if
you haven't done any real tuning. How many clients are you running? How
many queries are you getting (ie per minute)?

Firstly, you don't note if you have a DB_CONFIG file in
/var/lib/openldap-data. Secondly, you seem to only be indexing
objectclass. Please change your loglevel to 256, restart the server, and
~~ take logs from a reasonable typical work load on your server, and then
check those logs for the search filters being used by the ldap clients.
Ensure that each attribute used in a search filter is indexed (for
example by adding it to the index line above and running 'slapindex'
after stopping the LDAP server).

Please also check the FAQ-o-matic for more tuning information.

Oh, and it seems you are also missing some ACLs ...

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBKbVsrJK6UGDSBKcRAqJDAJwMODrIU5L+vR6+2dpzcvS04KG7jACcCFwF
hPMz6arE6Y5RDZ7hgnxpvj8=
=Z+yk
-----END PGP SIGNATURE-----