Re: Too many default groups in Skolelinux' LDAP schema?
* Finn-Arne Johansen (faj@bzz.no) [040313 16:19]:
> Andreas, Could you, or maybe Kurt, explain why you want the extra
> groups, and also why we want them. Even in the new interface they are
> confusing. I have some clues, but as I said earlier, I did not want
> them in there (I even reverted your changes to include them at one
> point).
did that, see other mail.
> If anyone have a clue on how to speed up the login process it will be
> much apreciated.
one can speed up slapd by several orders of magnitude by
keeping its data completly in memory.
i did that with these entries in slapd.conf:
cachesize 4000 # here set the cachesize to as many ldap entries
# your complete directory contains, or some more.
# every entry (group, user, netgroup...) counts, of cause.
# this is no memory hog at all, just a few MBytes.
dbnosync # this does not sync everything to HD right away
# and it is possible to describe what kind of queries are done on different
# objects and what the backend should optimize for.
# for this you need to rebuild your indices by slapcating your data,
# removing all database files and slapadding your data again.
# Indices to maintain
index objectClass pres,eq
index cn,sn pres,eq,sub
index uid pres,eq,sub
index ageGroup eq
index groupType eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index default eq
and then there is an issue with ldap`s backend corruping its database
in some versions. as far as i know this is unheared of in debian
stable, but unstable had that problem for a long time. then it
helps to run db_recover on the database files. that has a very
similar effect then what you describe: *really* slow ldap answers
and complet cpu utilisation for nothing by slapd.
Reply to: