I sort of succesfully installed samba2.2.5 with OpenLDAP 2.0.26 as a PDC on one machine. Alas the performance is very poor. Authentication process takes 10 Seconds pser, noticable one or two seconds per "net use d:" in the logon script. The process which consumes all CPU cycles is slap. I tried to tune with some h help of openLDAP mailinglist members (indices, nscd), but i didn't solve the problem. Now I try to set up a second machine with SuSE 8.1 with OpenLDAP 2.1.x and Samba 2.2.6pre2. It compiles and links fine, but when I try to log in it says: passdb/pdb_ldap.c: ldap_open_connection(216) connection opened passdb/pdb_ldap.c: ldap_connect_system(246) Bind failed: protocol error I can search the ldap-database and authenticate against it from command-line i.e. ldasearch -w -W uid=administrator. I assume that samba can not handle ldap v3? Has anybody an idea why login(script) is that slow? The original machine is a PIII, 1GHz, 1GB RAM with SuSE8.0 I do some conf inclusion depending on %G and %U. Further I have a user base of 4500 pieces ;-) and groups with 12k Entries, the largest 4500. I tried to execute every SRCH statement solely but it was reasonable fast (<0.5 Sek each). It is a real show stopper for me. Any helping comment is welcomed. Thanks, Malte Mueller
On Tue, Oct 08, 2002 at 05:18:04PM +0200, Malte M?ller wrote:> I sort of succesfully installed samba2.2.5 with OpenLDAP 2.0.26 as a PDC on one > machine. > Alas the performance is very poor. Authentication process takes 10 > Seconds pser, noticable one or two seconds per "net use d:" in the > logon script. The process which consumes all CPU cycles is slap. I > tried to tune with some h > help of openLDAP mailinglist members (indices, nscd), but i didn't solve the > problem.The first time a have a performance problem with slapd, a don't think about syslog. Syslog slow down slapd, if you 'forgot' the "-" just before /dev/tty??. With "-" in front of the outputfile, the syslog writes a asynchron. If not try to increase the debug level of slapd: loglevel 296 # 8+32+256: # # connection management # # search filter processing # # stats logconnections/operations/results Take a look at "man slapd.conf" for the values. Frank. -- Frank Matthie? fm+samba@Microdata-pos.de
"Malte M?ller" wrote:> > I sort of succesfully installed samba2.2.5 with OpenLDAP 2.0.26 as a PDC on one > machine. > Alas the performance is very poor. Authentication process takes 10 Seconds pser, noticable one or two seconds per "net use d:" in the logon script. > The process which consumes all CPU cycles is slap. I tried to tune with some h > help of openLDAP mailinglist members (indices, nscd), but i didn't solve the > problem. > Now I try to set up a second machine with SuSE 8.1 with OpenLDAP 2.1.x and > Samba 2.2.6pre2. It compiles and links fine, but when I try to log in > it says: > passdb/pdb_ldap.c: ldap_open_connection(216) connection opened > passdb/pdb_ldap.c: ldap_connect_system(246) Bind failed: protocol error > > I can search the ldap-database and authenticate against it from command-line > i.e. ldasearch -w -W uid=administrator. > I assume that samba can not handle ldap v3?Samba just doesn't use it by default, in 2.2. I added this to 3.0, when i got bitten by the same issue. The OpenLDAP folks decided that they would force people to use LDAPv3, unless you explicitly configured otherwise. Some distributions set this, for admin sanity. Lookup the OpenLDAP doco, and reenable v2 binds. I'll bug jerry about adding the extra 1 line to 2.2.6 before it's released. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
Jerry wrote: Some distributions set this, for admin sanity. Lookup the OpenLDAP doco, and reenable v2 binds. I'll bug jerry about adding the extra 1 line to 2.2.6 before it's released. ---- Thanks a lot. I reenabled it (allow bind_v2) and it works. Should have read the man-page, but didn't think it could be that easy :-) But more important: Authentication of samba with openLdap 2.1.5 is fast as lightning. Some more testing has to follow, but it looks very good, only 20% CPU load (for one user) at max. I did not change anything of the samba configuration, nor did i change the ldap indices, but only updated from openldap 2.0.26 to 2.1.5 and use bdb instead of ldbm. Great! thanks, Malte Mueller