[Date Prev][Date Next] [Chronological] [Thread] [Top]
Rép. : Re: openLdap 2.3.17 goes less quickly than 2.3.11 or 2.3.13

To: <p_pavlos@freemail.gr>
Subject: Rép. : Re: openLdap 2.3.17 goes less quickly than 2.3.11 or 2.3.13
From: "Eudes LEDUCQ" <LEDUCQ@hec.fr>
Date: Fri, 13 Jan 2006 18:16:21 +0100
Cc: <openldap-software@OpenLDAP.org>
Hi,
 
yes of course if you want:
 
-----------------------------------------------
 
my slapd.conf
 
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
 
include  /usr/local/openLdap2.3.17/etc/openldap/schema/core.schema
include  /usr/local/openLdap2.3.17/etc/openldap/schema/cosine.schema
include        
/usr/local/openLdap2.3.17/etc/openldap/schema/inetorgperson.schema
include  /usr/local/openLdap2.3.17/etc/openldap/schema/myperson.schema
include  /usr/local/openLdap2.3.17/etc/openldap/schema/dyngroup.schema
 
# Define global ACLs to disable default read access.
 
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
# referral ldaps://IP:636/
 
pidfile  /usr/local/openLdap2.3.17/var/run/slapd.pid
argsfile /usr/local/openLdap2.3.17/var/run/slapd.args
 
# Journalisation
loglevel 256
 
# Threads
threads 16
 
# Timelimit
timelimit unlimited
 
# Load dynamic backend modules:
modulepath /usr/local/openLdap2.3.17/
moduleload   unique.la
 
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
 
# Sample security restrictions
# Require integrity protection (preavent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
 
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
#  Allow self write access
#  Allow authenticated users read access
#  Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
 
##########################
#ACL
#########################
 
#include         /usr/local/openLdap2.3.17/etc/openldap/acl.conf
 
###########################
#SSL
###########################
 
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.pem
TLSCertificateKeyFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.key.pem
TLSCACertificateFile
/usr/local/openLdap2.3.17/certificats/monAnnuaireCAcert.pem
 
# Use the following if client authentication is required 
#TLSVerifyClient demand 
# ... or not desired at all 
TLSVerifyClient never 
 
###################################
# uses the chain overlay as global
# no chain-URI is configured, so the URI is parsed out of the referral
###################################
 
overlay         chain
chain-uri ldaps://IP:636
chain-idassert-bind bindmethod=simple
   binddn="cn=ldapappli1,ou=applis,o=monAnnuaire"
   credentials=inet2048
   mode=self
 
#######################################################################
# BDB database definitions
#######################################################################
 
###################
#database Meta
database        meta
suffix          "dc=metamonAnnuaire,dc=fr"
rebind-as-user  true
                                                                       
        
uri          
"ldaps://IP:1636/o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
"dc=monAnnuaire,dc=fr"
pseudorootdn  "cn=Manager,o=Managers,dc=monAnnuaire,dc=fr"
pseudorootpw  secret
 
uri          
"ldaps://IP:636/o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr" "o=Hec"
pseudorootdn  "cn=ldapappli1,o=applis,o=Hec"
pseudorootpw  inet2048
 
                                                         
uri           "ldaps://IP.217:636/dc=metamonAnnuaire,dc=fr"
suffixmassage "dc=metamonAnnuaire,dc=fr" "dc=monAnnuaire,dc=fr"
pseudorootdn  "cn=Manager,dc=monAnnuaire,dc=fr"
pseudorootpw  secret
                                                                       
        
lastmod  off
 
####################
#Principale database
 
database        bdb
suffix          "dc=monAnnuaire,dc=fr"
rootdn          "cn=Manager,dc=monAnnuaire,dc=fr"
#rootpw  {SSHA}wlKQDA9Leh27hh9Q9Nnn+ZaJhYC95RJH
rootpw  secret
 
# Controle
# schemacheck on
 
#overlays
overlay unique
unique_base "o=individus,dc=monAnnuaire,dc=fr"
unique_attributes uid
 

# database specific fragment
 
# Set the entry cache size to 5000.
cachesize 10000
 
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openLdap2.3.17/var/openldap-data
 
# Return in memory data that may not have 
# been written to disc
dirtyread
 
# Indices to maintain
index uid  eq
index   cn,sn,mail      pres,eq,approx,sub
index   objectClass     eq
 
# Depth of the stack used for search
# filter evaluation
searchstack 20
 
# Set transactional checkpoint.
checkpoint 512 15
 
---------------------------------------------------------
 
and my DB_CONFIG
 
# DB_CONFIG FILE
# The Berkeley Database backend retrieves most of its configuration and
tuning options from the DB_CONFIG file. 
# This file should be placed in the same directory as specified by the
directory configuration option in the slapd.conf file. 
 
# Lockdetect directive
set_lk_detect DB_LOCK_DEFAULT
 
# Set database flags.
# specify that the database does not need to be updated
# immediately with any in-memory recard
# set_flags DB_TXN_NOSYNC
 
# Set log values.
set_lg_max 5242880
set_lg_dir /usr/local/openLdap2.3.17/log
 
# Set temporary file creation directory.
set_tmp_dir /tmp
 
# Set the database in memory cache size.
# number of entry that the ldap backend will maintain im memory
set_cachesize 0 5242880 1
 
# Defines the time between checkpoint operation in BDB
# txn_checkpoint 128 15 0
 
thx


>>> Pavlos Parissis <p_pavlos@freemail.gr> 01/13 5:52  >>>
On Fri, 13 Jan 2006 14:10:19 +0100
"Eudes LEDUCQ" <LEDUCQ@hec.fr> wrote:

> Hi,
>  
> I have installed openLdap 2.3.17, I have the same config than my
> preceding directory (openLdap2.3.11), the same database. And the
> directory openLdap2.3.17 goes less quickly  than openLdap2.3.11 and
> openLdap2.3.13is it normal ?

I think that, if you give more informations then you will have more
changes to get a reply.

Regards,
Pavlos
Prev by Date: Rép. : Re: problem to download datas in database berkeley 4.4
Next by Date: Re: Comparing OpenLDAP on Linux 2.6/Sol 10 [ was Re: Berkeley DB versions ]
Index(es):
- Chronological
- Thread