[Samba] Samba 4 LDAP/LDB search speed

Roel van Meer roel at 1afa.com
Wed Oct 1 01:00:10 MDT 2014 

Marc Muehlfeld writes:

> When you say converting from Samba 3 to Samba 4 do you mean migrating
> your NT4-domain to an Samba AD or continue using Samba 4 as an NT4 domain?

We want to go to Samba AD.

> > While testing, it seems that the S4 LDAP server is a lot slower than
> > OpenLDAP.
>
> Based on that, I guess you ment you want to switch over to Samba AD.

Correct.

> > 1. What is the expected performance of the S4 LDAP server? E.g. if
> > someone could give me a rough estimate on the number of simple queries
> > per second on average hardware, then I can see if my setup is performing
> > as expected or not.
>
> We can't say that in general. This depents on many things, like how many
> objects you are storing in your AD (users, accounts, groups), AD
> features you use and their configuration (e. g. tombstone lifetime), and
> surely also about the amount of additional ACLs (e. g. if you have many
> delegations).
>
> Please give some more information about your environment and the
> expected size of your database. Then surely someone here with a similar
> installation size can tell you some experiences.

We're still just testing things. We now have maybe 10 users in the database,  
and nothing special at all, no additional anything.
I'm just worried, given the big difference in speed between queries in  
OpenLDAP and queries in Samba 4, that the system won't perform very well if  
Postfix and Zarafa are going to do a lot of LDAP queries.

> If I output all entries of my small test environment which have an 'cn'
> (3441 records), it's done quite fast:
>
> # time ldbsearch -H /usr/local/samba/private/sam.ldb cn=* --cross-ncs >
> /dev/null 2>&1
>
> real    0m0.719s
> user    0m0.594s
> sys     0m0.088s

On my system, with 3555 records:

real    0m1.528s
user    0m1.300s
sys     0m0.160s

And on another, with 3476 records:

real    0m2.297s
user    0m2.150s
sys     0m0.130s

> Doing the same via network against the second DC:
>
> # time ldbsearch -H ldap://DC2:389 cn=* --cross-ncs
> -Uadministrator%xxxxx > /dev/null 2>&1
>
> real    0m1.082s
> user    0m0.418s
> sys     0m0.038s

For me, via network but to localhost:

real    0m3.454s
user    0m1.220s
sys     0m0.530s

and on the other:

real    0m8.249s
user    0m4.020s
sys     0m1.600s

This is on quite ordinary hardware, with an otherwise idle system. If I  
compare it to the values you posted it seems there is a lot of room for  
improvement. That is good. Now the challenge is to find where the slowness  
occurs. :)

Thanks for your answer!

Roel

More information about the samba mailing list