Hello, I have a big performance problem with a mail server using dovecot and authenticating users via ldap. The architecture of the machine is a local ldap and mysql server, they are used by dovecot for authenticating the mail users. If i use pam_sss the mail server has about 1/8 - 1/10 the performances it has if i use the pam_ldap. Even doing a 'time ls -l' on the mail tree (there are about 3000 ldap users in that directory) it is very very slow, the first time I try to do it after a reboot, it takes about 6 minutes with sssd, and about 8 seconds with ldap. Since I know sssd is recommended, anyone knows that there is anything in configuration I can try to increase the speed, avoiding me to use the old pam_ldap module? thanks in advance, Fabio Ferrari
On Mon, 2013-07-01 at 12:34 +0200, FABIO FERRARI wrote:> Hello, > > I have a big performance problem with a mail server using dovecot and > authenticating users via ldap. > The architecture of the machine is a local ldap and mysql server, they are > used by dovecot for authenticating the mail users. > > If i use pam_sss the mail server has about 1/8 - 1/10 the performances it > has if i use the pam_ldap.What exactly does this mean? Is this dovecot performance or something else?> Even doing a 'time ls -l' on the mail tree (there are about 3000 ldap > users in that directory) it is very very slow, the first time I try to do > it after a reboot, it takes about 6 minutes with sssd, and about 8 seconds > with ldap. >Did you specify enumerate = True in sssd.conf? This may cause delays when you have many users in the directory... Louis
On 1/07/13 8:34 PM, FABIO FERRARI wrote:> Even doing a 'time ls -l' on the mail tree (there are about 3000 ldap > users in that directory) it is very very slow, the first time I try to do > it after a reboot, it takes about 6 minutes with sssd, and about 8 seconds > with ldap.If this time lag only occurs at boot sssd maybe having trouble creating or managing its cache. Do subsequent ls commands run quicker once the cache is established? I've seen similar behaviour on some of my machines but I've got fewer users and don't reboot often so I've never really chased the issue down. Particularly as the times drop to essentially zero after the first run. Cheers, -pete -- Peter Brady Email: pdbrady at ans.com.au Skype: pbrady77 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 946 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20130702/d6fbfb94/attachment-0002.sig>