[Kolab-devel] Re: OpenLDAP performance issues

Dieter Kluenter dieter at dkluenter.de
Fri May 20 10:39:10 CEST 2005

Hi Bernhard,

Bernhard Reiter <bernhard at intevation.de> writes:
> Hi Dieter,
> thanks a lot for your hints.
> I am still lacking the right level to spin this problem away,
> though. What would you suggest to get closer to the problem?
> Try openldap 2.2.26?

I think there is no need to update to OpenLDAP-2.2.26, 

> [Can you also copy Steffen on suggestions as he mainly does
> the Kolab-Server implementation. Thanks.]
> On Tuesday 10 May 2005 21:39, Dieter Kluenter wrote:
>> Bernhard Reiter <bernhard at intevation.de> writes:
>> >> An anonymous bind of nobody would reduce the number of searches, as
>> >> each bind requires two search operations.
>> >> I just wonder which client is not unbinding cleanly from slapd.
>> >
>> > If I remember correctly nobody was done for apache,=3D20
>> > though that does not answer the question.
>> >
>> > Dieter: As you have a lot  of experience with openldap,
>> > do you have any advise about issue707?
>> OK, I started with msg4273, which is most likely due to lacking
>> DB_CONFIG, insufficient idlecachesize and cachesize, probabely missing
>> indexed attributes as well.
>> msg4421:
>> LDBM is definitly NO choice, nor will be BerkeleyDB-4.3.27.
>> msg4536
>> I have seen this with a corrupted database after a uncleen
>> shutdown. So the database might got orrupted somehow, probabely
>> disabled write synchronization?
> It was _not_ disabled of course.=20
> Could a high number of checkpoint (like every 10 minutes) be a
> problem?

>> OpenLDAP will have a booth at Linuxtag and I will be there.
> Cool!

In general there are no optimised values for any  kind of operations,
thus my suggestions are based on a medium sized server with about 200
accounts and some 5,000 entries in the public addressbook.

1. provide a DB_CONFIG with sufficient cachesize, as a guessing some
   10 MB should be sufficient, but could be increased.
2. change to hdb backend, as this is optimized for search operations,
   but lack performance on heavy write operations.
3. in slapd.conf increase the value for cachesize to 2,000
4. add idlecachesize with a value of 6,000 to slapd.conf
5. checkpointing the logfile is only done after write operations, so
   10 minutes are OK, I would probabely increase the byte value to 512.
6. reduce idletimeout to 10 seconds, but mention in the docs that this
   value could be increased if problems occur with data transport.
7. configure clients to only search with scope one and set searchbase
   with appropriate DN's.
8. add 'database monitor' for ease of monitoring statistics.

By the way, the 'stop' in access rules is just redundant.


Dieter Klünter | Systemberatung
GPG Key ID:01443B53

More information about the devel mailing list