Re: OpenLDAP performance and slapindex

2016-12-14 Thread Quanah Gibson-Mount 
--On Wednesday, December 14, 2016 9:36 PM + "Real, Elizabeth (392K)" 
 wrote:





Thank you for the quick response.



I have spent a lot of time configuring version 2.4.40. Is there a guide
on how to upgrade to 2.4.44 and switch to back-mdb? we rolled out 2.4.40
today and would need to plan the next upgrade.


As long as it is linked to the same BDB libraries as your 2.4.40 build, it 
is simply a drop in binary upgrade.



What tool do you recommend for monitoring ldap performance?


I suggest applying the operation duration patch:


That will tell you exactly how long each operation is taking in slapd, as 
long as you have "stats" logging enabled.  Then you can tell if the issue 
is at the slapd server, or if there is something else in between that is 
causing the delay that you see.  My suspicion would be that there is 
something else interfering.


As for migrating from hdb to mdb, it's generally straight forward.  You'd 
need to export your data database to LDIF, and then export cn=config, and 
change the HDB specific bits to MDB, and drop the parameters specific to 
HDB that aren't required for MDB.


If you want to see a basic cn=config templated configuration, you can look 
at:




where @BACKEND@ can be any of bdb/hdb/mdb, and tweak as necessary from 
there.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: OpenLDAP performance and slapindex

2016-12-14 Thread Real, Elizabeth (392K) 
Thank you for the quick response.

I have spent a lot of time configuring version 2.4.40. Is there a guide on how 
to upgrade to 2.4.44 and switch to back-mdb? we rolled out 2.4.40 today and 
would need to plan the next upgrade.

I did already have indices defined for the database when I did the import.

What tool do you recommend for monitoring ldap performance?

Thank you,
Liz

From: Quanah Gibson-Mount 
Reply-To: Quanah Gibson-Mount 
Date: Wednesday, December 14, 2016 at 1:21 PM
To: "Real, Elizabeth (392K)" , 
"openldap-technical@openldap.org" 
Subject: Re: OpenLDAP performance and slapindex

--On Wednesday, December 14, 2016 9:05 PM + "Real, Elizabeth (392K)"
> wrote:



Hello,



I'm running OpenLDAP 2.4.40

Upgrade immediately to 2.4.44.  The 2.4.40 release was seriously flawed and
had numerous critical bugs around replication.

In looking at ways to improve performance of ldap, is slapindex a tool to
use? Meaning after importing users accounts from an older ldap, should
slapindex be ran? Or is this tool is used when you want to modify/add
entries found in the slapd (cn=config.ldif) and database
((olcDatabase={2}hdb.ldif) configuration files not when users are added
to the ldap database.

Stop using back-hdb.  Switch to back-mdb.



If you already had indices defined for the database when you did the
import, there is no reason to run slapindex.  Slapindex should only be used
if you've added a /new/ index to your database.  If you are using cn=config
and add a new index, there will be a background thread that will eventually
index the entire DB.

Whether or not you need to add indexing for given attribute(s) can be
discovered by examining the logs generated by slapd, which will file a
complaint if there is a search performed on an unindexed attribute.  You
would need to examine the specific search to see what type(s) of indexing
may be required.

If slapindex is not a tool to use to monitor performance, what do you
recommend?

slapindex has never been a tool to monitor anything.  It is purely for
(re)generating indices on an existing DB.

Hope that helps!

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: OpenLDAP performance and slapindex

2016-12-14 Thread Quanah Gibson-Mount 
--On Wednesday, December 14, 2016 9:05 PM + "Real, Elizabeth (392K)" 
 wrote:





Hello,



I'm running OpenLDAP 2.4.40


Upgrade immediately to 2.4.44.  The 2.4.40 release was seriously flawed and 
had numerous critical bugs around replication.



In looking at ways to improve performance of ldap, is slapindex a tool to
use? Meaning after importing users accounts from an older ldap, should
slapindex be ran? Or is this tool is used when you want to modify/add
entries found in the slapd (cn=config.ldif) and database
((olcDatabase={2}hdb.ldif) configuration files not when users are added
to the ldap database.


Stop using back-hdb.  Switch to back-mdb.



If you already had indices defined for the database when you did the 
import, there is no reason to run slapindex.  Slapindex should only be used 
if you've added a /new/ index to your database.  If you are using cn=config 
and add a new index, there will be a background thread that will eventually 
index the entire DB.


Whether or not you need to add indexing for given attribute(s) can be 
discovered by examining the logs generated by slapd, which will file a 
complaint if there is a search performed on an unindexed attribute.  You 
would need to examine the specific search to see what type(s) of indexing 
may be required.



If slapindex is not a tool to use to monitor performance, what do you
recommend?


slapindex has never been a tool to monitor anything.  It is purely for 
(re)generating indices on an existing DB.


Hope that helps!

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

OpenLDAP performance and slapindex

2016-12-14 Thread Real, Elizabeth (392K) 
Hello,

I’m running OpenLDAP 2.4.40 on two multi-master servers with replication 
enabled. Today we switched over to this instance, imported all users from the 
old ldap server, and configured an ldap client to use this instance.

Everything is working well, users are authenticating and able to access their 
assigned groups.

However, we noticed that while on the ldap client and as a regular user we type 
“w” to see who is logged on this machine, it takes a while before we get a 
response with the results. If we type “w” again the response is very fast due 
to caching.

In looking at ways to improve performance of ldap, is slapindex a tool to use? 
Meaning after importing users accounts from an older ldap, should slapindex be 
ran? Or is this tool is used when you want to modify/add entries found in the 
slapd (cn=config.ldif) and database ((olcDatabase={2}hdb.ldif) configuration 
files not when users are added to the ldap database.

If slapindex is not a tool to use to monitor performance, what do you recommend?

Thank you,
Liz