[Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
Gaetan SLONGO
gslongo at it-optics.com
Mon Mar 27 08:11:43 UTC 2017
What we found is Zarafa makes a very big amount of queries, which makes Samba run at 100% CPU (one process, LDAP does not seems to be multi-threaded..?)... but we have hundreds of users...
What do you think could be wrong in the current database/setup ? We verified all the setup and everything seems OK
----- Mail original -----
De: "L.P.H. van Belle via samba" <samba at lists.samba.org>
À: samba at lists.samba.org
Envoyé: Lundi 27 Mars 2017 09:58:55
Objet: Re: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
No, you have to do that manualy, or look the the samba4 ADS script for kopano ( or zarafa )
But I mostly follow the documentation.
And when i run :
time ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST
....
real 0m0.230s
user 0m0.184s
sys 0m0.044s
so if yours take more that 20 sec there is something very wrong.
I suggest check you samba AD database and samba4 ADDC setup,
i dont think this is zarafa related.
Greetz,
Louis
Van: Gaetan SLONGO [mailto:gslongo at it-optics.com]
Verzonden: maandag 27 maart 2017 8:46
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
Hi !
Thanks for answer. Yes we use zarafaAccount in search filter.
There is an installer provided for Samba4 to install new schemas ?
Thanks !
De: "L.P.H. van Belle via samba" <samba at lists.samba.org>
À: samba at lists.samba.org
Envoyé: Jeudi 23 Mars 2017 11:54:50
Objet: Re: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
Are use using zarafaAccount=1 withing the search filters?
I use this things like this :
(&(objectClass=person)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))
Or for groups.
(&(objectclass=group)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))
That helps a lot.
! If you switch to kopano beware to change the SCHEMA and filters
zarafaAccount changed to kopanoAccount
Greetz.
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Gaetan SLONGO via
> samba
> Verzonden: donderdag 23 maart 2017 11:12
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable),
> performance tunning ?
> Urgentie: Hoog
>
>
> Dear users,
>
> We are facing to a big latency issue regarding the LDAP Server (both
> encrypted & plain).
>
> We have a Zarafa mail server which makes a lot of queries and puts a samba
> process to 100% usage. This latency makes the mail server unusable.. The
> mail server was previously on OpenLDAP and there was not performance
> issues.
>
> A simple LDAP query can take up to 25 sec to perform !!
>
> We have added some indexes :
>
> [root at califix ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b
> @INDEXLIST
> # record 1
> dn: @INDEXLIST
> @IDXONE: 1
> @IDXVERSION: 2
> @IDXATTR: objectClass
> @IDXATTR: msDS-Cached-Membership-Time-Stamp
> @IDXATTR: userPrincipalName
> @IDXATTR: rpcNsInterfaceID
> @IDXATTR: fileExtPriority
> @IDXATTR: dnsRoot
> @IDXATTR: mSMQLabelEx
> @IDXATTR: dNSTombstoned
> @IDXATTR: msDS-PhoneticCompanyName
> @IDXATTR: msSFU30Domains
> @IDXATTR: dhcpType
> @IDXATTR: ou
> @IDXATTR: gidNumber
> @IDXATTR: msFVE-VolumeGuid
> @IDXATTR: msTSManagingLS2
> @IDXATTR: implementedCategories
> @IDXATTR: oMTIndxGuid
> @IDXATTR: cOMClassID
> @IDXATTR: volTableIdxGUID
> @IDXATTR: l
> @IDXATTR: mSMQDigests
> @IDXATTR: msTSExpireDate4
> @IDXATTR: flatName
> @IDXATTR: msSFU30YpServers
> @IDXATTR: packageFlags
> @IDXATTR: mSMQOwnerID
> @IDXATTR: objectCategory
> @IDXATTR: msSFU30IsValidContainer
> @IDXATTR: msTSProperty02
> @IDXATTR: mS-DS-CreatorSID
> @IDXATTR: proxyAddresses
> @IDXATTR: msPKI-Cert-Template-OID
> @IDXATTR: uNCName
> @IDXATTR: mS-SQL-Name
> @IDXATTR: fSMORoleOwner
> @IDXATTR: msSFU30NisDomain
> @IDXATTR: otherMailbox
> @IDXATTR: location
> @IDXATTR: msSFU30NetgroupHostAtDomain
> @IDXATTR: uSNChanged
> @IDXATTR: sIDHistory
> @IDXATTR: birthLocation
> @IDXATTR: msDS-SecondaryKrbTgtNumber
> @IDXATTR: msTSProperty01
> @IDXATTR: msTSManagingLS4
> @IDXATTR: msSFU30OrderNumber
> @IDXATTR: msDS-HABSeniorityIndex
> @IDXATTR: primaryGroupID
> @IDXATTR: mSMQQueueType
> @IDXATTR: msDFSR-ReplicationGroupGuid
> @IDXATTR: msDS-PhoneticDepartment
> @IDXATTR: mail
> @IDXATTR: msSFU30Name
> @IDXATTR: msSFU30NetgroupUserAtDomain
> @IDXATTR: fromServer
> @IDXATTR: displayName
> @IDXATTR: msTSLicenseVersion2
> @IDXATTR: groupType
> @IDXATTR: msTSLicenseVersion3
> @IDXATTR: msTSLicenseVersion4
> @IDXATTR: userAccountControl
> @IDXATTR: physicalLocationObject
> @IDXATTR: servicePrincipalName
> @IDXATTR: msTSExpireDate
> @IDXATTR: serviceClassName
> @IDXATTR: lDAPDisplayName
> @IDXATTR: zarafaAccount
> @IDXATTR: terminalServer
> @IDXATTR: givenName
> @IDXATTR: msTSManagingLS3
> @IDXATTR: msSFU30MaxUidNumber
> @IDXATTR: msDS-Entry-Time-To-Die
> @IDXATTR: msTSLSProperty01
> @IDXATTR: msDS-PhoneticFirstName
> @IDXATTR: trustPartner
> @IDXATTR: msTSLSProperty02
> @IDXATTR: msTSExpireDate3
> @IDXATTR: objectGUID
> @IDXATTR: showInAdvancedViewOnly
> @IDXATTR: rpcNsTransferSyntax
> @IDXATTR: sAMAccountName
> @IDXATTR: mS-SQL-Version
> @IDXATTR: msDS-Site-Affinity
> @IDXATTR: sn
> @IDXATTR: name
> @IDXATTR: nETBIOSName
> @IDXATTR: sAMAccountType
> @IDXATTR: msTSManagingLS
> @IDXATTR: msDFSR-DfsPath
> @IDXATTR: altSecurityIdentities
> @IDXATTR: USNIntersite
> @IDXATTR: msSFU30MasterServerName
> @IDXATTR: msDS-PhoneticLastName
> @IDXATTR: cn
> @IDXATTR: netbootGUID
> @IDXATTR: lastLogonTimestamp
> @IDXATTR: legacyExchangeDN
> @IDXATTR: mSMQLabel
> @IDXATTR: uSNCreated
> @IDXATTR: mS-SQL-Database
> @IDXATTR: msDS-PhoneticDisplayName
> @IDXATTR: msSFU30MaxGidNumber
> @IDXATTR: rpcNsObjectID
> @IDXATTR: timeVolChange
> @IDXATTR: msTSExpireDate2
> @IDXATTR: groupAttributes
> @IDXATTR: physicalDeliveryOfficeName
> @IDXATTR: msFVE-RecoveryGuid
> @IDXATTR: msDS-AdditionalSamAccountName
> @IDXATTR: objectSid
> @IDXATTR: keywords
> @IDXATTR: mS-SQL-Alias
> @IDXATTR: invocationId
> @IDXATTR: msTSLicenseVersion
> @IDXATTR: requiredCategories
> @IDXATTR: msDS-AzObjectGuid
> distinguishedName: @INDEXLIST
>
> There is any way to improve LDAP responses times ? It seems there is only
> one process which is managing LDAP queries (no forks/threads?)
>
> Thank you in advance for your help !!
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
www.it-optics.com
Gaëtan SLONGO | Head of Infrastructure Department
Boulevard Initialis, 28 - 7000 Mons, BELGIUM
Company :
+32 (0)65 84 23 85
Direct :
+32 (0)65 32 85 88
Fax :
+32 (0)65 84 66 76
Skype ID :
gslongo.pro
GPG Key :
gslongo-gpg_key.asc
- Please consider your environmental responsibility before printing this e-mail -
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
www.it-optics.com
Gaëtan SLONGO | Head of Infrastructure Department
Boulevard Initialis, 28 - 7000 Mons, BELGIUM
Company : +32 (0)65 84 23 85
Direct : +32 (0)65 32 85 88
Fax : +32 (0)65 84 66 76
Skype ID : gslongo.pro
GPG Key : gslongo-gpg_key.asc
- Please consider your environmental responsibility before printing this e-mail -
More information about the samba
mailing list