[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap very fast on one machine, slow on another



Quanah Gibson-Mount wrote:



--On Friday, October 15, 2004 11:45 AM -0500 Jason Joines <joines@bus.okstate.edu> wrote:

I have OpenLDAP 2.2 set up on a test machine and it's very fast.
Once I got it set the way I wanted I did an install on a production
machine and it's very slow. It's so slow that if I tell sshd to only
allow certain groups to authenticate, it fails because it times out
before the groups are retrieved. On the test (fast) machine the "groups
user" command takes less than 1 second to retrieve the list of users. On
the production (slow) machine, it takes almost 13 seconds for the same
user. If I point the slow machine at the fast machine it still takes
less than 1 second as opposed to the 13 seconds for localhost. The same
time difference is obvious using ldapsearch as well.


    The only difference I can find between the machine is that the fast
test machine is an old Dell OptiPlex Gx1p desktop with a PII 600 and 256
MB RAM and the slow production machine is a Dell PowerEdge 2550 with a
PIII 1000 and 512 MB RAM.

    They both have the same data in the directory, the same
configuration, same software versions:

SuSE Linux 9.1
OpenLDAP 2.2.6


I suggest updating to OpenLDAP 2.2.17, since there have been a number of issues fixed since 2.2.6 (just a suggestion though. ;) ).

pam_ldap 169
nss_ldap 215
openssl 0.9.7d
db 4.2.52


Is this stock BDB 4.2.52? Or is it BDB 4.2.52 with the necessary patches that have since been released by sleepycat? If you haven't applied the sleepycat patches, you are likely to run into problems.


/etc/ldap.conf match /etc/slapd.conf match /etc/security/pam_unix2.conf match /etc/nsswitch.conf match /etc/sysconfig/ldap match /etc/sysconfig/openldap match

Actually, I just found something that doesn't match. The fast box is
using kernel 2.6.5 and the slow box is using 2.6.8.


Any ideas on how to track down what's causing this problem?


It sounds to me like there might be issues with your BDB database on the "slow" machine. I'll note that I have OpenLDAP set up on a Dell 1750 (Dual Xeon 3.0GHz processors) and it is blazingly fast. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html


Something else interesting. I just changed the database setting in slapd.conf from bdb to ldbm. Then I shutdown openldap, deleted the databases in /var/lib/ldap and tried to put the data back in with "/usr/sbin/slapadd -v -l /local/ldif/import.ldif". I only have 323 total entries in my directory and import.ldif is a recent slapcat dump. It's been running for over 10 minutes now and hasn't even made it through the first 80 entries yet.

Jason
===========