[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Why slapd use so many system resource?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wang Penghui wrote:
| Hi all:
|
| I have a ldapserver which hosts about one hundred entries, everything
| works well until yesterday. I found that it could not be access by ldap
| client such as phpldapadmin. I checked the LDAP server status with some
| tools such as "top" and "ps aux | grep slapd" and found that LDAP
| server has use almost all the system resources.
| Here is the result:
| #ps aux | grep slapd
|
| ldap 6973 0.0 0.5 175892 5264 ? S 17:52 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 6975 0.0 0.5 175892 5264 ? S 17:52 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 6976 0.0 0.5 175892 5264 ? S 17:52 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7021 99.9 0.5 175892 5264 ? R 17:53 209:36
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7069 0.0 0.5 175892 5264 ? S 17:55 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7235 0.0 0.5 175892 5264 ? S 17:59 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7252 0.0 0.5 175892 5264 ? S 18:00 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7282 0.0 0.5 175892 5264 ? S 18:01 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7299 0.0 0.5 175892 5264 ? S 18:01 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 7429 0.0 0.5 175892 5264 ? S 18:05 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 9811 0.0 0.5 175892 5264 ? S 20:15 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10237 0.0 0.5 175892 5264 ? S 20:37 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10249 0.0 0.5 175892 5264 ? S 20:38 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10424 0.0 0.5 175892 5264 ? S 20:47 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10477 0.0 0.5 175892 5264 ? S 20:49 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10478 0.0 0.5 175892 5264 ? S 20:49 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10502 0.0 0.5 175892 5264 ? S 20:50 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10523 0.0 0.5 175892 5264 ? S 20:51 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| ldap 10599 0.0 0.5 175892 5264 ? S 20:57 0:00
| /usr/lib/openldap/slapd -u ldap -g ldap
| hartt 11105 0.0 0.0 1500 516 pts/1 S 21:22 0:00 grep slapd
|
| When i stop the slapd daemon, i found that all the process still in "ps
| aux".
| I have to kill all the process manually.
|
| After restart, the condition will appear again.
|
| Here is my configuration files slapd.conf
| ========Slapd.conf==========
| include /etc/openldap/schema/core.schema
| include /etc/openldap/schema/corba.schema
| include /etc/openldap/schema/cosine.schema
| include /etc/openldap/schema/inetorgperson.schema
| include /etc/openldap/schema/java.schema
| include /etc/openldap/schema/misc.schema
| include /etc/openldap/schema/nis.schema
| include /etc/openldap/schema/openldap.schema
| include /etc/openldap/schema/qmail.schema
| include /etc/openldap/schema/phpgwcontact.schema
| include /etc/openldap/schema/phpgwaccount.schema
| pidfile /var/run/openldap/slapd.pid
| argsfile /var/run/openldap/slapd.args
|
| database bdb
| suffix "dc=xxx,dc=com"
| rootdn "cn=Manager,dc=xxx,dc=com"
| rootpw password
| directory /var/lib/openldap-data
| index objectClass eq
|
| Any mistake?
|
| My version is openldap-2.1.26.
|
You don't really give enough information here. I could think of
scenarios where this would be normal behaviour, but it does look as if
you haven't done any real tuning. How many clients are you running? How
many queries are you getting (ie per minute)?
Firstly, you don't note if you have a DB_CONFIG file in
/var/lib/openldap-data. Secondly, you seem to only be indexing
objectclass. Please change your loglevel to 256, restart the server, and
~~ take logs from a reasonable typical work load on your server, and then
check those logs for the search filters being used by the ldap clients.
Ensure that each attribute used in a search filter is indexed (for
example by adding it to the index line above and running 'slapindex'
after stopping the LDAP server).
Please also check the FAQ-o-matic for more tuning information.
Oh, and it seems you are also missing some ACLs ...
Regards,
Buchan
- --
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBKbVsrJK6UGDSBKcRAqJDAJwMODrIU5L+vR6+2dpzcvS04KG7jACcCFwF
hPMz6arE6Y5RDZ7hgnxpvj8=
=Z+yk
-----END PGP SIGNATURE-----