Hello, everyone,
There is an OpenLDAP installation on my Gentoo server. The version of the
server is net-nds/openldap-2.1.30-r2.
The hardware information is:
CPU: Intel Xeon 2.4G x 2
MEM: 512M x 2
HD: SCSI 73G x 2 with RAID 1.
There are about 10000 entries in the OpenLDAP database.
There are 3600+ entries in a special ou. Before adding the ACL settings to
slapd.conf for the special ou, if I search all the children of this
ou with the following command:
    ldapsearch -x -D "cn=manager,dc=xxx" -w xxx -b "ou=specialou,dc=xxx" > temp.file
it takes less than 1 sec to finish the query.
But after adding the ACL settings to the slapd.conf file,
the performance becomes very bad. It takes about 12-18 sec to return
all the result entries.
The ACL settings I have added to the slapd.conf file are:
====BEGIN====
access to attrs="userPassword"
    by dn="cn=manager,dc=xxx" write
    by self write
    by anonymous auth
    by * none

access to filter="category=0 *"
    by dn="cn=manager,dc=xxx" write
    by dnattr=creatorsName write
    by * none

access to dn="ou=contacts,ou=,dc=xxx"
    attrs=children
    by dn="cn=manager,dc=xxx" write
    by dn.regex="uid=[^,]+,ou=contacts,ou=specialou,dc=xxx" write
    by * none

access to dn.regex="^uid=[^,]+,ou=contacts,ou=specialou,dc=xxx$"
    attrs=entry
    by dn="cn=manager,dc=xxx" write
    by dn.regex="uid=[^,]+,ou=contacts,ou=specialou,dc=xxx" write
    by * none

access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(!(category=5 FL))(category=11 GCC Member))"
    by dn="cn=manager,dc=xxx" write
    by dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=anonymous,ou=contacts,ou=specialou,dc=xxx" none
    by self write
    by users none

access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(!(category=5 FL))(!(category=11 GCC Member)))"
    by dn="cn=manager,dc=xxx" write
    by dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=anonymous,ou=contacts,ou=specialou,dc=xxx" none
    by self write

access to dn.subtree="ou=contacts,ou=specialou,dc=xxx"
    filter="(&(category=5 FL)(category=11 GCC Member))"
    by dn="cn=manager,dc=xxx" write
    by dn="uid=duxiaolin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=wangjin,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=sunchengzhi,ou=contacts,ou=specialou,dc=xxx" write
    by dn="uid=supertuxadmin,ou=contacts,ou=specialou,dc=xxx" write
    by self write
    by users read

access to dn.subtree="dc=xxx" by * write
====END====
All the necessary attributes are indexed, even the category, which
appears in the ACL filters.
BTW, I have used ldbm as the database backend. I have heard that the
ldbm backend will be discarded after 2.4; should I change to another
backend, such as bdb or gdbm?
Is the performance problem related to the ldbm backend?
Best regards
Wang Penghui
--
Name. Wang Penghui
Tel. 0086-592-8389650
Mail. wangpenghui@gmail.com
Web. http://www.wangpenghui.name
Blog. http://www.wangpenghui.name/blog