Folks,
I'm using OpenLDAP under HPUX 11iv3 and am seeing inconsistent query response.
Environment details:
Host: HP rx6600
Processor: 2 x 2-core IA64
OS: HPUX 11iv3 March 2008 Data Center Environment
OpenLDAP: 2.4.10
Prerequisite software:
db 4.6.21
gdbm 1.8.3
gettext 0.17
libiconv 1.12
openssl A.09.08g.001 (HP distribution)
perl D.5.8.8.B (HP distribution)
Database:
Backend bdb
DN entries 870
CN entries 7807
DB_CONFIG contents:
set_flags db_auto_commit
set_flags db_log_autoremove
set_lg_dir /var/adm/ldap/dvesv
slapd.conf contents:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /descl/dvesv2/openldap/etc/qgov.schema
pidfile /descl/dvesv2/openldap/var/dvesv2-slapd.pid
argsfile /descl/dvesv2/openldap/var/dvesv2-slapd.args
sizelimit 100000
loglevel 3311
threads 16
database bdb
lastmod on
suffix "o=QLDGOV, c=au"
rootdn "cn=manager, o=QLDGOV, c=au"
directory /descl/dvesv2/openldap/bdb
rootpw secret
index objectClass,uniqueIdentifier eq
index cn,sn,givenName,uid,title,displayName eq,sub
access to attrs=userPassword
by * auth
access to dn.regex="(.+,)?ou=users,o=QLDGOV,c=au"
by * auth
access to dn.subtree="ou=Department of Emergency Services,o=QLDGOV,c=au"
by anonymous none
by dn.exact="cn=wl_ph_user,ou=users,o=QLDGOV,c=au" write
by dn.regex=".+,ou=users,o=QLDGOV,c=au" write
After building the database and starting the daemon, I used the following ldapsearch command to query the database (on the local host, so no remote network connection is involved):
ldapsearch -v -D cn=manager,o=QLDGOV,c=au -x -w secret -H ldap://10.2.84.11:5021 -b o=QLDGOV,c=au -z 0 '(cn=Hall)'
There were 22 responses.
Now:
1) There are no other users operating on the database.
2) The database contents are static (but slapd is not operating in read-only mode).
3) I tested access automatically with a loop of the form
i=1; while (( i <= 10 ))
do timex ldapsearch ... | grep ^real
let 'i += 1'
sleep 5
done
(i.e. I used timex(1) to report the real time response).
50.43, 17.41, 41.92, 19.16, 2.46, 27.63, 33.90, 0.15, 13.56, 34.11
Yet, after applying tusc -o /dev/null {slapd_pid}, the retrieval times immediately became
1.18, 0.40, 0.51, 0.40, 0.60, 0.40, 0.40, 0.40, 0.39, 0.38
Not only better, but uniformly better. Moreover, a similar (but to a lesser degree) effect was seen if I enabled LDAP debugging.
Any ideas on how to resolve this would be much appreciated.
Thanks.
Howard Bryden,
UNIX Administrator,
Qld. Govt. Dept. of Emergency Services,
Tel. 07 3109 5087
----------------------------------------------------------------------------------------------------------
Rocket J. Squirrel: "... we're going to have to think!"
Bullwinkle J. Moose: "There must be an easier way than that."
This correspondence is for the named persons only. It may contain confidential or privileged information or both. No confidentiality or privilege is waived or lost by any mis transmission. If you receive this correspondence in error please delete it from your system immediately and notify the sender. You must not disclose, copy or relay on any part of this correspondence, if you are not the intended recipient. Any opinions expressed in this message are those of the individual sender except where the sender expressly, and with the authority, states them to be the opinions of the Department of Emergency Services, Queensland. |