On 07/06/2018 at 20:18, Mark Tilmes wrote:
>
> LDAP list,
>

Hello Mark,

> I have been trying to figure out this problem for a few weeks, I have
> been reading the archives and searching Google to no avail.
>
> We have a high load at the beginning of every minute due to automated
> processes authenticating. During this time, authentications take from
> about 5 seconds to as much as 12 seconds. I can even run an ldapwho
> command directly on the ldap server and see the slowness.
>
> Looking at netstat, there are as many as 500 connections coming in to
> each server around that time. The load has been processed within 20
> seconds.
>
> Here is some info on what I am running:
>
> RHEL 6.9 os
>
> OpenLDAP 2.4.40 from the RHEL rpm
>

I think the first thing to answer is: you are running an old version, please upgrade. You can stay on RHEL 6.9 if you need to, but you should use a recent version of OpenLDAP, for example with LTB packages: https://ltb-project.org/documentation/openldap-rpm

> These systems have 16 CPUs but they are ~90% idle. The ldap database
> is on mdb, it is 52M. There are 3657 entries.
>
> The systems have 32G of memory each, after buffers and cache, 12G is
> free. I think just about everything this system does for disk is
> cached in memory.
>
> The only other thing running on these servers is dns and ntp, but when
> we turn those off, we still see the slowness.
>
> See below for my openldap configuration.
>
> I am trying to figure out if this is an unreasonable load for these
> servers and I just need more servers, or if there is some tuning I can
> do to help with this?
>
> When I look at cn=threads,cn=monitor I see active threads go up to 16
> and pending threads go up to 127 or so.
>
> I increased threads but saw a similar result, all threads are active,
> many are still pending.
>
> When increasing threads to 128, I ended up with this error message:
>
> mdb_opinfo_get: err MDB_READERS_FULL: Environment maxreaders limit
> reached(-30790)
>
> I'm not sure what I can do about that.
>
> I'm also not sure if I also need to increase listener threads? Seems
> like not since the threads are all active during the traffic burst.
>
> We have 4 ldap servers, one handles writes and then syncs to the other
> 3, so there are no writes on the other 3, and very few writes on the
> master, just when we add users or change group memberships which is
> infrequent, just a few times a month.
>
> Any advice is appreciated.
>

You are using mdb backend but it is not loaded in cn=modules. Did you recompile slapd to have mdb in slapd binary?

MDB backend is very performant by default, but you can tune it with some options like maxreaders or envflags.

-- 
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
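
The thread setting and the maxreaders option discussed in this thread can be checked against each other before a change goes live. The following Python script is an added example, not part of the original messages or of OpenLDAP: it reads a cn=config export and reports each mdb database whose reader limit is lower than the slapd thread count. The sample LDIF is constructed, and the fallback values of 16 threads and 126 readers are assumed from the slapd.conf(5) and slapd-mdb(5) defaults.

```python
SLAPD_DEFAULT_THREADS = 16      # assumed default when olcThreads is unset
MDB_DEFAULT_MAXREADERS = 126    # assumed default when olcDbMaxReaders is unset or 0

# Constructed cn=config excerpt (not the poster's configuration).
SAMPLE_LDIF = """\
dn: cn=config
objectClass: olcGlobal
olcThreads: 128

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=org
olcDbMaxReaders: 256
"""

def parse_entries(ldif):
    """Return one dict per LDIF entry: lowercased attribute -> list of values."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        # A line starting with a single space continues the previous line.
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def reader_shortfalls(ldif):
    """List (dn, threads, maxreaders) for mdb databases with threads > maxreaders."""
    entries = parse_entries(ldif)
    threads = SLAPD_DEFAULT_THREADS
    for e in entries:
        if "olcthreads" in e:
            threads = int(e["olcthreads"][0])
    findings = []
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "olcmdbconfig" not in classes:
            continue
        readers = int(e.get("olcdbmaxreaders", ["0"])[0]) or MDB_DEFAULT_MAXREADERS
        if threads > readers:
            findings.append((e["dn"][0], threads, readers))
    return findings
```

Tools such as slapcat also occupy a reader slot, so a limit exactly equal to the thread count leaves no headroom.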