phpgroupware-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-developers] OpenLDAP for beginners in 0.9.16 configuration


From: Benoit Hamet
Subject: [Phpgroupware-developers] OpenLDAP for beginners in 0.9.16 configuration
Date: Wed, 07 Apr 2004 18:58:37 +0200
User-agent: Mozilla Thunderbird 0.5 (X11/20040306)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all, hi fips,

We just finish to launch our server with LDAP.
As beginners with this we made some mistake.
I think That it could be helpfull to people playing with OpenLDAP, to know some tricks to improve performance

First, as LDAP is a database, you need to create indexes.
It seems that the following increase a lot the performance :

(in slapd.conf)
index           cn,uid,memberUid pres,eq,approx,sub
index           objectClass,uidNumber,gidNumber eq

memberUid is place here because we use it we Apache LDAP auth on a webdav repository.

sub is perhaps not needed, read the doc to understand the meanings

Then, in the database directory, we add a DB_CONFIG file (this is for use with bdb backend), with the line:
set_cachesize 0 1024000 1

This will create a cache size of 10MB as explained in the doc.

According to the stats, we have a 98% responses from it.

Then, there is a silly thing : slapd daemon limits the search request to 500 entries by default. So If you have more than 500 accounts (which is our case (~1200)), you will get in trouble when trying to create groups of users for example (only 500 entries ;).
To increase this limit :
(in slapd.conf, first part (before the bdb definition))
sizelimit 5000

Then we increase the cachesize of the slapd-bdb
with the following line :
(in slapd.conf, bdb part)
cachesize 3000

This will help you in improving things.
If you have other advices, please contribute :).

This is - for sure - basics for most of LDAP users in this list, but as we don't found any advice on this in phpgw directory ( or we miss it ? ) this is a small contrib. I will add a more detailed version of this on the wiki, when time will be better, and add contribution if people reply :).

There is still a problem with the correlation between numbers of users/ open connection to LDAP. No test are done yet. But seems that things are good on our server. Connections are closed at the end of the script execution.


Caeies,
who needs to contact fips asap, to discuss some improvement :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAdDNId/RrA5d/NgMRAlhVAJ914LMCqbMWv5ttpj4LRw9+GDqCbQCfToD9
zKt9l1LBVpxhCKSXTVN8jv0=
=BQsL
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]