Gaetan SLONGO
2017-Mar-23 10:12 UTC
[Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
Dear users, We are facing to a big latency issue regarding the LDAP Server (both encrypted & plain). We have a Zarafa mail server which makes a lot of queries and puts a samba process to 100% usage. This latency makes the mail server unusable.. The mail server was previously on OpenLDAP and there was not performance issues. A simple LDAP query can take up to 25 sec to perform !! We have added some indexes : [root at califix ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST # record 1 dn: @INDEXLIST @IDXONE: 1 @IDXVERSION: 2 @IDXATTR: objectClass @IDXATTR: msDS-Cached-Membership-Time-Stamp @IDXATTR: userPrincipalName @IDXATTR: rpcNsInterfaceID @IDXATTR: fileExtPriority @IDXATTR: dnsRoot @IDXATTR: mSMQLabelEx @IDXATTR: dNSTombstoned @IDXATTR: msDS-PhoneticCompanyName @IDXATTR: msSFU30Domains @IDXATTR: dhcpType @IDXATTR: ou @IDXATTR: gidNumber @IDXATTR: msFVE-VolumeGuid @IDXATTR: msTSManagingLS2 @IDXATTR: implementedCategories @IDXATTR: oMTIndxGuid @IDXATTR: cOMClassID @IDXATTR: volTableIdxGUID @IDXATTR: l @IDXATTR: mSMQDigests @IDXATTR: msTSExpireDate4 @IDXATTR: flatName @IDXATTR: msSFU30YpServers @IDXATTR: packageFlags @IDXATTR: mSMQOwnerID @IDXATTR: objectCategory @IDXATTR: msSFU30IsValidContainer @IDXATTR: msTSProperty02 @IDXATTR: mS-DS-CreatorSID @IDXATTR: proxyAddresses @IDXATTR: msPKI-Cert-Template-OID @IDXATTR: uNCName @IDXATTR: mS-SQL-Name @IDXATTR: fSMORoleOwner @IDXATTR: msSFU30NisDomain @IDXATTR: otherMailbox @IDXATTR: location @IDXATTR: msSFU30NetgroupHostAtDomain @IDXATTR: uSNChanged @IDXATTR: sIDHistory @IDXATTR: birthLocation @IDXATTR: msDS-SecondaryKrbTgtNumber @IDXATTR: msTSProperty01 @IDXATTR: msTSManagingLS4 @IDXATTR: msSFU30OrderNumber @IDXATTR: msDS-HABSeniorityIndex @IDXATTR: primaryGroupID @IDXATTR: mSMQQueueType @IDXATTR: msDFSR-ReplicationGroupGuid @IDXATTR: msDS-PhoneticDepartment @IDXATTR: mail @IDXATTR: msSFU30Name @IDXATTR: msSFU30NetgroupUserAtDomain @IDXATTR: fromServer @IDXATTR: displayName @IDXATTR: msTSLicenseVersion2 @IDXATTR: groupType @IDXATTR: msTSLicenseVersion3 @IDXATTR: msTSLicenseVersion4 @IDXATTR: userAccountControl @IDXATTR: physicalLocationObject @IDXATTR: servicePrincipalName @IDXATTR: msTSExpireDate @IDXATTR: serviceClassName @IDXATTR: lDAPDisplayName @IDXATTR: zarafaAccount @IDXATTR: terminalServer @IDXATTR: givenName @IDXATTR: msTSManagingLS3 @IDXATTR: msSFU30MaxUidNumber @IDXATTR: msDS-Entry-Time-To-Die @IDXATTR: msTSLSProperty01 @IDXATTR: msDS-PhoneticFirstName @IDXATTR: trustPartner @IDXATTR: msTSLSProperty02 @IDXATTR: msTSExpireDate3 @IDXATTR: objectGUID @IDXATTR: showInAdvancedViewOnly @IDXATTR: rpcNsTransferSyntax @IDXATTR: sAMAccountName @IDXATTR: mS-SQL-Version @IDXATTR: msDS-Site-Affinity @IDXATTR: sn @IDXATTR: name @IDXATTR: nETBIOSName @IDXATTR: sAMAccountType @IDXATTR: msTSManagingLS @IDXATTR: msDFSR-DfsPath @IDXATTR: altSecurityIdentities @IDXATTR: USNIntersite @IDXATTR: msSFU30MasterServerName @IDXATTR: msDS-PhoneticLastName @IDXATTR: cn @IDXATTR: netbootGUID @IDXATTR: lastLogonTimestamp @IDXATTR: legacyExchangeDN @IDXATTR: mSMQLabel @IDXATTR: uSNCreated @IDXATTR: mS-SQL-Database @IDXATTR: msDS-PhoneticDisplayName @IDXATTR: msSFU30MaxGidNumber @IDXATTR: rpcNsObjectID @IDXATTR: timeVolChange @IDXATTR: msTSExpireDate2 @IDXATTR: groupAttributes @IDXATTR: physicalDeliveryOfficeName @IDXATTR: msFVE-RecoveryGuid @IDXATTR: msDS-AdditionalSamAccountName @IDXATTR: objectSid @IDXATTR: keywords @IDXATTR: mS-SQL-Alias @IDXATTR: invocationId @IDXATTR: msTSLicenseVersion @IDXATTR: requiredCategories @IDXATTR: msDS-AzObjectGuid distinguishedName: @INDEXLIST There is any way to improve LDAP responses times ? It seems there is only one process which is managing LDAP queries (no forks/threads?) Thank you in advance for your help !!
Andrew Bartlett
2017-Apr-05 04:40 UTC
[Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
On Thu, 2017-03-23 at 11:12 +0100, Gaetan SLONGO via samba wrote:> Dear users, > > We are facing to a big latency issue regarding the LDAP Server (both > encrypted & plain). > > We have a Zarafa mail server which makes a lot of queries and puts a > samba process to 100% usage. This latency makes the mail server > unusable.. The mail server was previously on OpenLDAP and there was > not performance issues. > > A simple LDAP query can take up to 25 sec to perform !!Can you or others who use this please give the attached patch (on git master) a try? We fix a major locking issue that makes our searches slow, and provide multi-process support. Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba -------------- next part -------------- A non-text attachment was scrubbed... Name: ldap-multi-process.patch Type: text/x-patch Size: 80776 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20170405/938c5550/ldap-multi-process-0001.bin>
Apparently Analagous Threads
- [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
- [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
- [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
- [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?
- [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?