On Fri, 28 Mar 2003, Mike Denka wrote:
>
> I may try running the two on the same server if you think there would be
> a significant performance improvement. I notice both openldap and
You will probably get the biggest performance improvement if you use unix
sockets (ldapi:// ldap urls). Using localhost instead of ethernet can also help.
In general though unless you have enourmous numbers of requests/sec if your ldap
entries are cached correctly network latency won't matter that much.
> freeradius require as much RAM as they can get. They each use the
> lion's share of 512MB on 1Gh machine. No memory concerns about bundling
> them on the same server? Also, would you let me know when a fix for the
PID USERNAME THR PRI NICE SIZE RES STATE TIME CPU COMMAND
^^^^^ ^^^^^
26021 mysql 146 59 0 186M 150M sleep 698:57 0.24% mysqld
4685 nobody 29 58 0 255M 216M sleep 772:11 0.23% ns-slapd
[...]
18684 root 22 58 0 7136K 5536K sleep 12:37 0.07% radiusd
Are you counting SIZE or RES as memory usage? In general even the most heavily
used radius should not use a lot of memory. The above example is a radiusd (ldap
auth/mysql acct) handling about 100000 sessions a day. The SIZE (not RES) number
of radius can increase if you use the counter module but that does not mean that
the corresponding memory is used.
Openldap can use a lot of memory for its caches (entry/database) but that is
configurable and depends on your database size.
> ldap caching problem is in and where I can get it so I can load the
> latest version on openldap on the radius server?
>
> Thanks,
>
> Mike
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kostas
> Kalevras
> Sent: Friday, March 28, 2003 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: RE: openldap-2.1.16 and freeradius not compatable(was rlm_ldap
> issues)
>
> On Fri, 28 Mar 2003, Mike Denka wrote:
>
> > Thanks for checking that out and for taking care of it. Will this
> pose
> > a performance problem for ldap authentication using the new openldap
> > libraries?
>
> No. The caching code was used only for the regular profiles anyway. And
> it never
> worked very nice. You are better off using an ldap server on localhost
> or
> unix sockets (ldapi://) if you need extra performance.
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
