Forgot to send my reply to the list as well. On 11/10/2010 11:41 AM, Atom Powers wrote: > > Sound like you need to do some work on your DB_CONFIG and LDAP indexes.
dbconfig set_cachesize 0 52428800 0. It strikes me as too low, but am looking into that. We don't currently use idlcache or slapd cache, which are referenced here: http://www.openldap.org/doc/admin24/tuning.html index objectClass eq index cn pres,eq index uidNumber eq index gidNumber eq index uid eq index member eq index memberUid eq index uniqueMember eq are also set. > > Do you know where your bottleneck is? Disk I/O, Processor, Memory > > context switching, etc? I believe processor-bound. Thread count is set to 32, which strikes me as a little high, per the tuning guide, but empirical tests showed it improved performance. > > Are you using nss_ldap? Unless they have changed it recently, nss_ldap > > does group lookups very inefficiently. (Instead of searching for > > groups the user is a member of it searches for all groups and then > > looks for the member ID.) If you can, you may want to disable ldap > > lookups for group membership and/or use nscd. We are using nss_ldap, but with nscd caching results. Also, we are running the lookups over SSL and the clients are set for persistent connections. -- -- John E. Jasen ([email protected]) -- "Deserve Victory." -- Terry Goodkind, Naked Empire _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
