Optimising OpenLDAP

Jul 15, 2016 at 10:30 am By Ben Hutton

I recently had an issue with full listings of directories on NFS mounts. That is, when you do an ‘ls -l’ it took a long time to list the files. It didn’t affect ‘ls’ though, so it pointed to an issue with something that the full listing showed. After some investigation I determined that LDAP was the cause of the issue, so I had to work out a way of optimising OpenLDAP, as this was the LDAP server that I was using.

Issue with LDAP

Disabling LDAP lookups within /etc/nsswitch.conf (the server was authenticated to LDAP) sped things up, so NFS wasn’t the issue. It turned out it was also slow on the NFS server for that folder.

Indexes are important

In investigating the LDAP server and possible issues I discovered that indexes were missing. Since LDAP is a database, indexes are important in improving the speed of searches.

In this case the directory listing was the /usr/home folder. This of course contained most of the users within the directory. Because the indexes for user and group names weren’t set, this slowed down retrieving individual users. It didn’t become an issue until there were at least 50 users within the directory.

A simple fix

Resolving this issue is very straightforward. Find the slapd.conf file, which on Linux is in /etc/ and on BSD is in /usr/local/etc/openldap/.

Add the following indexes to the slapd.conf file:

index uidNumber eq
index gidNumber eq

Now all you need to do is restart slapd and away you go.
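To confirm which attributes still lack an equality index before and after the change, the check below can be run against slapd.conf. It is an added example, not part of the original post; the function name missing_eq_indexes and the sample config are constructed here, and it assumes one directive per line (no continuation lines) and that a bare attribute only inherits eq from an explicit "index default" line.

```shell
#!/bin/sh
# Added example: report which attributes lack an equality (eq) index in slapd.conf.
# usage: missing_eq_indexes <slapd.conf> <attr>...
missing_eq_indexes() {
    conf=$1; shift
    awk -v want="$*" '
    BEGIN { n = split(want, w, " ") }
    # Only "index" directives matter; comment lines start with "#" and never match.
    tolower($1) == "index" {
        types = tolower($3)
        if (tolower($2) == "default") { def = types; next }  # remember default types
        if (types == "") types = def          # bare attribute inherits "index default"
        if (("," types ",") !~ /,eq,/) next   # directive carries no equality index
        m = split(tolower($2), a, ",")        # attribute list is comma-separated
        for (i = 1; i <= m; i++) have[a[i]] = 1
    }
    # Attribute names are case-insensitive in LDAP, so compare in lower case.
    END { for (i = 1; i <= n; i++) if (!(tolower(w[i]) in have)) print w[i] }
    ' "$conf"
}

# Constructed sample config (not from the post): uidNumber has no index at all
# and memberUid only has a presence index.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample slapd.conf fragment
index objectClass eq
index uid,cn eq,sub
index memberUid pres
index gidNumber eq
EOF
missing_eq_indexes "$sample" uidNumber gidNumber uid memberUid
rm -f "$sample"
```

Entries that were already in the database before an index line was added are only covered once the index has been regenerated with slapindex(8).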

And for a bit more performance

If you want to get even more performance you can start nscd on the client machines. This will cache entries locally, so it will reduce the load on the server and allow repeat lookups (those you have already done) when the client is disconnected from the server. Quite useful for laptops.

For further reading I found the following information quite useful in optimising LDAP.

https://techhelplist.com/tech-tutorials/34-openldap/49-making-openldap-faster


Copyright © 2017 | Ben Hutton