Performance Tuning – Open LDAP

Your OpenLDAP server is built, live and running. Now you need to tune its performance. Every installation handles a different kind of load and faces different performance issues. Here I will explain some basic and important OpenLDAP performance tuning directives that must be configured on every live OpenLDAP server.

OpenLDAP Performance Directives are of two types or classes:
1. Those that are global, and must be placed in the basic configuration section at the top of the slapd.conf file, before any database sections are defined. These directives apply to the entire SLAPD server, not just a particular directory information tree within that server.

2. Those that apply only to individual database backends.

First understand the basic difference between a database and a backend.

A database is a location (a file, a relational database, a network resource) where a directory information tree is stored.

A backend is a particular mechanism that is used to store databases (or, in some cases, to direct SLAPD to a remote database). Backends are coded as modules, which means they can be loaded dynamically at startup.

The first very important OpenLDAP performance tuning global directive is timelimit

The timelimit directive is used to specify the maximum amount of time SLAPD will work on a particular operation before stopping the operation and returning a message to the client.

Some operations, like searching a large directory for an attribute that is not indexed, can take a long time. Other times, clients connecting over slow network links and requesting large amounts of data can also take up significant time. Such lengthy searches can slow the entire server down, and on a busy server it can also prevent other clients from connecting and getting timely responses.

In order to avoid these problems, there is a timelimit directive, which gives you the ability to set the maximum amount of time the server will wait for an operation to complete before ending the operation and returning a message to the client.

The default time limit is 3600 seconds. In this example, we will lower it to only five minutes:

timelimit 300

To turn off time limits, use the keyword unlimited:

timelimit unlimited

With this setting the server will not return a message to the client until the operation is complete.

To make OpenLDAP performance tuning more effective, the OpenLDAP developers created a more advanced form of the timelimit directive to handle more complex time limit settings. In this form, the timelimit directive can set two different sorts of time limits:

Soft limit: The soft limit is the default time limit that the server uses if the client does not include a desired time limit in its request.

Hard limit: The hard limit is the absolute longest time that the server will spend processing a request.

When a client connects to the directory and performs a search, it might send its own time limit request, which instructs the server to take no longer than that amount of time to do the search.

For example, if a client sends a time limit of 30 seconds, it will expect the server to take no longer than 30 seconds to respond. If the server’s hard time limit is higher than the time limit sent by the client, then the server will set the limit for that request to the client’s requested time limit.

However, if the server’s hard limit is lower than the client’s, then it will use its own hard limit for that request.

So, if the server’s hard time limit is 60 seconds, and the client requests a 30 second time limit, the server will use the 30 second limit.

If, however, the server’s hard time limit is 10 seconds and the client requests a 30 second limit, the server will use its hard 10 second limit, since it is lower.

Here is the expanded form of the timelimit directive, with an example of setting the hard and soft limits. Typically, both are set in the same command (though you can set one without setting the other):

timelimit time.soft=30 time.hard=300

In this example the soft time limit is 30 seconds, while the hard time limit is 300 seconds.
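
The soft and hard limit rules above, as an added example that is not part of the original post and is not slapd's own code: a small Python model that parses the timelimit forms shown here, computes the limit applied to a request, and flags an unlimited global setting. Assumptions: the function names are hypothetical, the plain form is treated as setting both limits, and the sample configuration is constructed.

```python
import math

DEFAULT = 3600  # default time limit stated in the article, in seconds

def parse_timelimit(line):
    """Return (soft, hard) in seconds for one timelimit line."""
    args = line.split()[1:]
    if len(args) == 1 and "=" not in args[0]:
        # Plain form: this sketch assumes one value sets both limits.
        value = math.inf if args[0] == "unlimited" else int(args[0])
        return value, value
    limits = {}
    for arg in args:
        key, _, value = arg.partition("=")
        if key not in ("time.soft", "time.hard"):
            raise ValueError(f"unsupported argument: {arg}")
        limits[key] = math.inf if value == "unlimited" else int(value)
    if len(limits) != 2:
        raise ValueError("sketch needs both time.soft and time.hard")
    return limits["time.soft"], limits["time.hard"]

def effective_limit(soft, hard, client=None):
    """Limit for one request, following the rules in the article."""
    if client is None:
        return soft           # no client limit sent: soft limit applies
    return min(client, hard)  # client limit honoured up to the hard limit

def audit(conf_text):
    """Return ((soft, hard), findings) for the global section."""
    soft = hard = DEFAULT
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() in ("database", "backend"):
            break  # global directives end where the first section starts
        if words[0].lower() == "timelimit":
            soft, hard = parse_timelimit(raw)
    findings = []
    if math.inf in (soft, hard):
        findings.append("unlimited: a slow search is never cut off")
    return (soft, hard), findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = "# global section\ntimelimit time.soft=30 time.hard=300\n\ndatabase mdb\n"

if __name__ == "__main__":
    (soft, hard), findings = audit(SAMPLE)
    print([effective_limit(soft, hard, c) for c in (None, 30, 600)], findings)
```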


Setting the OpenLDAP Client Time Limit

You can set the client time limit by editing /etc/openldap/ldap.conf (or your .ldaprc file) and adding the TIMELIMIT directive. In the ldap.conf file, TIMELIMIT takes only one parameter: time limit in seconds. For example, to set the time limit to 30 seconds:

TIMELIMIT 30

Thanks Enjoy !!!!!!
