Philip Kime
2007-Apr-20 02:42 UTC
[Fedora-directory-users] Automatically inactivate accounts after a certain time or on a certain date?
It looks like this isn''t possible at the moment as this plug-in seems to still be in development: http://directory.fedoraproject.org/wiki/Account_Policy_Design Or is there a neat way with roles? It seems tricky, even with a filtered role. PK -- Philip Kime NOPS Systems Architect 310 401 0407
Anderson, Cary
2007-May-23 17:35 UTC
[Fedora-directory-users] looking for some insight into configuring FDS for an enterprise environment of 10k users
I have been doing some stress tests on the FDS in order to try and configure the server for an enterprise wide deployment. My goal is to recommend the number of slave/master servers and the appropriate configuration for an environment with 10k users. Starting with a default FDS installation I have modified the directory accordingly: 10k users id''s the max cache size: 63Mb Lookthrough limit: 15000 Max file descriptors: 4096 memory avail. for cache: 100Mb Created an index for uidnumber I have created a php script to stress test the server. The script has the following parameters: processes 500 # number of simultaneous connections binds 5 #number of times the script will loop query 50 # number of queries to make min sleep 1 # min time between queries max sleep 5 # max time between queries uid_number 50000 # search for this uidnumber server 10.27.1.104 #host ldap server Running this script will generate "can''t contact the LDAP server" errors. My question is should I be looking at some other parameters to modify in order to have the server handle more simultaneous connections. 500 connections doesn''t seem like an unreasonable number of connections for an enterprise directory server, yet the server is rolling over at what seems to be a pretty light load... Any insights on how best to configure the server to handle a larger number of connections would be greatly appreciated. Thanks Cary Anderson, Systems Software Specialist UNIX/Linux Services Information Technology Services Branch Technology Services & Support Division / Data Center Section System Software & Storage Infrastructure fCalPERS
George Holbert
2007-May-23 17:49 UTC
Re: [Fedora-directory-users] looking for some insight into configuring FDS for an enterprise environment of 10k users
> Running this script will generate "can''t contact the LDAP server" errors.Does this happen immediately, or does the script run for a while first? When you start seeing this message, what shows up in the server''s access and error logs?> Max file descriptors: 4096If you''re running on machines dedicated to the directory service, you can increase this quite a bit... in fact, this is probably the limit you''re hitting. Anderson, Cary wrote:> I have been doing some stress tests on the FDS in order to try and > configure the server for an enterprise wide deployment. My goal is to > recommend the number of slave/master servers and the appropriate > configuration for an environment with 10k users. > > Starting with a default FDS installation I have modified the directory > accordingly: > 10k users id''s > the max cache size: 63Mb > Lookthrough limit: 15000 > Max file descriptors: 4096 > memory avail. for cache: 100Mb > Created an index for uidnumber > > I have created a php script to stress test the server. > The script has the following parameters: > > processes 500 # number of simultaneous connections > binds 5 #number of times the script will loop > query 50 # number of queries to make > min sleep 1 # min time between queries > max sleep 5 # max time between queries > uid_number 50000 # search for this uidnumber > server 10.27.1.104 #host ldap server > > Running this script will generate "can''t contact the LDAP server" > errors. My question is should I be looking at some other parameters > to modify in order to have the server handle more simultaneous > connections. 500 connections doesn''t seem like an unreasonable number > of connections for an enterprise directory server, yet the server is > rolling over at what seems to be a pretty light load... > > Any insights on how best to configure the server to handle a larger > number of connections would be greatly appreciated. > > Thanks >
Anderson, Cary
2007-May-23 17:54 UTC
RE: [Fedora-directory-users] looking for some insight into configuring FDS for an enterprise environment of 10k users
I usually start seeing these errors about 5 minutes into the test. I will attempt to increase the max file descriptors to the ulimit of the server, which is 65535 Thanks Cary Anderson, Systems Software Specialist UNIX/Linux Services Information Technology Services Branch Technology Services & Support Division / Data Center Section System Software & Storage Infrastructure fCalPERS Phone: (916) 795-2588 Fax: (916) 795-2424 -----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of George Holbert Sent: Wednesday, May 23, 2007 10:49 AM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] looking for some insight into configuring FDS for an enterprise environment of 10k users> Running this script will generate "can''t contact the LDAP server" > errors.Does this happen immediately, or does the script run for a while first? When you start seeing this message, what shows up in the server''s access and error logs?> Max file descriptors: 4096If you''re running on machines dedicated to the directory service, you can increase this quite a bit... in fact, this is probably the limit you''re hitting. Anderson, Cary wrote:> I have been doing some stress tests on the FDS in order to try and > configure the server for an enterprise wide deployment. My goal is to> recommend the number of slave/master servers and the appropriate > configuration for an environment with 10k users. > > Starting with a default FDS installation I have modified the directory > accordingly: > 10k users id''s > the max cache size: 63Mb > Lookthrough limit: 15000 > Max file descriptors: 4096 > memory avail. for cache: 100Mb > Created an index for uidnumber > > I have created a php script to stress test the server. > The script has the following parameters: > > processes 500 # number of simultaneous connections > binds 5 #number of times the script will loop > query 50 # number of queries to make > min sleep 1 # min time between queries > max sleep 5 # max time between queries > uid_number 50000 # search for this uidnumber > server 10.27.1.104 #host ldap server > > Running this script will generate "can''t contact the LDAP server" > errors. My question is should I be looking at some other parameters > to modify in order to have the server handle more simultaneous > connections. 500 connections doesn''t seem like an unreasonable number> of connections for an enterprise directory server, yet the server is > rolling over at what seems to be a pretty light load... > > Any insights on how best to configure the server to handle a larger > number of connections would be greatly appreciated. > > Thanks >-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users