--On Thursday, September 01, 2005 12:42 AM -0500 Ben Beuchler <[EMAIL PROTECTED]> wrote:
The saga continues... As you may recall, I was experiencing some timeouts to my slapd server. After much advice from several members of the list, I tweaked my DB_CONFIG and slapd-bdb settings. This seemed to help, but the problem returned when our new students stopped in for registration. I saw several hundred entries like these in the logs: Aug 27 15:46:46 swizzle slapd[22099]: connection_input: conn=2199 deferring operation: binding Aug 27 15:55:21 swizzle slapd[22099]: connection_input: conn=2673 deferring operation: binding Aug 27 15:56:00 swizzle slapd[22099]: connection_input: conn=1655 deferring operation: too many executing Aug 27 15:56:02 swizzle slapd[22099]: connection_input: conn=1655 deferring operation: too many executing Feeling extremely clever, I began increasing the value of "threads" until the problem went away. I ended up setting it to 100. Watching the number of threads in the process table (I'm running linux, so they're visible) I seem to set at betwenn 65 and 85. Doing some reading today on the OpenLDAP site, it sounds like this is ridiculously high. The FAQ implies that it's rare for anyone to need more than the default 16 threads. Our LDAP directory contains around 1400 entries and is used as authentication for around 300 OS X workstations and 1100 email accounts. This results in just shy of 200,000 individual binds in a 24 hour period. Is it silly for me to think that I may need that many threads? Or is it more likely that I didn't really fix that timeout problem and, as a result, am hanging on to threads much longer than I should? I'm suspicious that individual LDAP sessions may be sticking around a lot longer than they should, as I am seeing a *lot* more "BIND" log entries than I am "UNBIND". For example: swizzle:/var/log# grep ' BIND' slapd.log|wc -l 142308 swizzle:/var/log# grep ' UNBIND' slapd.log|wc -l 36520 Thanks for any input you may have! -Ben ==================== Current DB_CONFIG settings: ==================== swizzle:/var/log# egrep -v '(^#|^$)' /var/lib/ldap/DB_CONFIG set_cachesize 0 8388608 0 set_lg_bsize 524288 set_lk_max_objects 5000 set_lk_max_locks 5000 set_lk_max_lockers 5000 ==================== DB settings from slapd.conf: ==================== backend bdb checkpoint 512 30 cachesize = 2000 idlcachesize = 6000
I suggest you investigate the "idletimeout" directive. ;) --Quanah -- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html "These censorship operations against schools and libraries are stronger than ever in the present religio-political climate. They often focus on fantasy and sf books, which foster that deadly enemy to bigotry and blind faith, the imagination." -- Ursula K. Le Guin
