Jul 15,2016 at 10:30 am By Ben Hutton
I recently had an issue with full listing of directories for NFS mounts. That is when you do an ‘ls -l’ it took a long time to list the files. It didn’t effect ‘ls’ though, so it pointed to an issue with something that the full listing showed. After some investigation I determined that LDAP was the cause of the issue so I had to work out a way of optimising OpenLDAP, as this was the LDAP server that I was using.
Disabling LDAP lookups within /etc/nsswitch (the server was authenticated to LDAP) speed things up so NFS wasn’t the issue. It turned out it was also slow on the NFS server for that folder.
In investigating the LDAP server and possible issues I discovered that indexes were missing. Since LDAP is a database indexes are important in improving the speed of searches.
In this case the directory listing was the /usr/home folder. This of course contained most of the users within the directory. Being that the indexes for user and group names wasn’t set this slowed down retrieving individual users. It didn’t become an issue until there was at least 50 users within the directory.
To resolve this issue is very straight forward. Find the slapd.conf file which in linux is in /etc/ and in BSD you will find it in /usr/local/etc/openldap/.
Add the following indexes to the slapd.conf file:
index uidNumber eq index gidNumber eq
Now all you need to do is restart slapd and away you go.
If you want to get even more performance you can start nscd on the client machines. This will cache entries locally so will reduce the load on the server plus allows repeat lookups (those you have already done) when the client is disconnected from the server. Quite useful for laptops.
For further reading I found the following information quite useful in optimising LDAP.
Login to Comment
Copyright © 2017 | Ben Hutton