Hi list,
we're in the process of converting our Samba 3 / OpenLDAP systems to Samba4.
Since these machines also run applications (Postfix, Zarafa) that
retrieve their information from LDAP, performance of the LDAP server is
quite important to us.
While testing, it seems that the S4 LDAP server is a lot slower than
OpenLDAP. So, I would like to ask two questions:
1. What is the expected performance of the S4 LDAP server? E.g. if someone
could give me a rough estimate on the number of simple queries per second on
average hardware, then I can see if my setup is performing as expected or
not.
2. Are there settings in the config that can improve the performance of the
LDAP server?
Currently, I'm testing with a simple shell script that runs an ldapsearch
command that retrieves a single user entry, 1000 times (see below). With
OpenLDAP, this takes about 2.5 seconds, with Samba 4 it takes around 30
seconds. This is with samba 4.1.11, ldb 1.1.17. The database has around 300
entries, not following the returned references.
I've tried using Matthieu Patou's patches from
http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/ldb_perfs
on my ldb, but that did not notably change the speed (which might very well
be that I am not testing correctly).
Thanks for any info on this!
Regards,
Roel
#!/bin/sh
for i in `seq 1 1000`; do
ldapsearch -x -h localhost -p 389 -D cn=dago,cn=Users,dc=s4,dc=local \
-w password '(&(objectclass=user)(cn=dago))' &>/dev/null
errno=$?
if [ "$errno" != 0 ]; then
echo "break at $i"
break
fi
echo $i
done
Hello Roel, Am 30.09.2014 um 13:51 schrieb Roel van Meer:> we're in the process of converting our Samba 3 / OpenLDAP systems to > Samba4. Since these machines also run applications (Postfix, Zarafa) > that retrieve their information from LDAP, performance of the LDAP > server is quite important to us.When you say converting from Samba 3 to Samba 4 do you mean migrating your NT4-domain to an Samba AD or continue using Samba 4 as an NT4 domain?> While testing, it seems that the S4 LDAP server is a lot slower than > OpenLDAP.Based on that, I guess you ment you want to switch over to Samba AD.> 1. What is the expected performance of the S4 LDAP server? E.g. if > someone could give me a rough estimate on the number of simple queries > per second on average hardware, then I can see if my setup is performing > as expected or not.We can't say that in general. This depents on many things, like how many objects you are storing in your AD (users, accounts, groups), AD features you use and their configuration (e. g. tombstone lifetime), and surely also about the amount of additional ACLs (e. g. if you have many delegations). Please give some more information about your environment and the expected size of your database. Then surely someone here with a similar installation size can tell you some experiences. If I output all entries of my small test environment which have an 'cn' (3441 records), it's done quite fast: # time ldbsearch -H /usr/local/samba/private/sam.ldb cn=* --cross-ncs > /dev/null 2>&1 real 0m0.719s user 0m0.594s sys 0m0.088s Doing the same via network against the second DC: # time ldbsearch -H ldap://DC2:389 cn=* --cross-ncs -Uadministrator%xxxxx > /dev/null 2>&1 real 0m1.082s user 0m0.418s sys 0m0.038s Regards, Marc
On Tue, 30 Sep 2014, Roel van Meer wrote:> While testing, it seems that the S4 LDAP server is a lot slower than > OpenLDAP.I have also found that the S4 LDAP server is extremely slow compared to OpenLDAP; I have seen as much as two orders of magnitude difference. Indeed, we put all our automount maps, netgroups, mail aliases, etc on an instance of OpenLDAP running on port 390 on the DC's, because the S4 LDAP server is just too slow for the expected response times. Steve