[Samba] Ldap performance

Bruno Gimenes Pereti pereti at ump.edu.br
Fri Sep 3 13:52:33 GMT 2004


Thank you all for the answers. I'll try to write here answer to everybody 
that's helping me.

I agree with Malte when he says this is not a samba issue, but it's 
completely related to samba.
About the slow "group resolution"... All my users used to be in 2 groups 
"Domain Users" and students|theachers|employees. As I'm not using the second 
group for access control yet, all users are now only in "Domain Users".

>> >Is it normal to have 36 slapd process, each using 33 MB?
>> I'm just guessing here, but that doesn't sound right.  I don't think you
>> should normally have any more than one, but maybe I'm mistaken.  I've
>> never seen it.
> What he is almost certainly seeing is threads, not processes, and the
> 33Mb is cumulative not individual - they are all sharing the 33Mb.  This
> is how Linux displays process information.

That's right... I didn't know that.

> For that number of users I think 33Mb is SHOCKINGLY LOW.  You need to
> tune the slapd cache size to let it use more memory.
> Also 36 threads is insane,  your almost certainly swamping the
> processor.  Limit your threads to something like 10 - 20 using the
> threads directive in slapd.conf.

I configured the cachesize to 10000 but it's not using more memory. I think 
it's ok because my ldap store only the posix and samba information. The file 
/var/lib/ldap/id2entry.gdbm is 37 MB.
I changed the thread to 10 and it's a little faster in the peak time.

>> >Another thing that may be slowing the ldap is that I need to use scope 
>> >=sub
>> >in my ldap.conf to find users and computers:
>> So you're saying that in your ldap.conf you have things configured like 
>> so?
>> nss_base_passwd        dc=homelan,dc=com,dc=br?sub
> With the correct indexes and enough RAM it shouldn't really matter.

Yes I have this in my ldap.conf:

nss_base_passwd         dc=ump,dc=edu,dc=br?sub
nss_base_shadow         dc=ump,dc=edu,dc=br?sub
nss_base_group          ou=groups,dc=ump,dc=edu,dc=br?one
nss_base_hosts          ou=computers,dc=ump,dc=edu,dc=br

I didn't change that yet because I like the idea of keeping computers and 
users separated.

And I'm using this index that took from the howto-collection:

index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   uidNumber               eq
index   gidNumber               eq
index   memberUid               eq
index   sambaSID                eq
index   sambaPrimaryGroupSID    eq
index   sambaDomainName         eq
index   default                 sub

Is that ok or should I change any thing?

Thank's again!

Bruno Gimenes Pereti. 

More information about the samba mailing list