Tips and Tricks for Configuring LDAP

Here thanks to Francesco Chicchiricco at Sourcesense are some tips and tricks for configuring LDAP to perform under load

  • compile latest openldap with berkleyDB in the core, not as module

In slapd.conf:

  • use a hash root password, not clear text (slappasswd -h)
  • set 'sizelimit unlimited' to avoid problems while retrieving data; otherwise ldapsearch results are limited up to the specified limit or 500 by default
  • set 'cachesize 5000' to speed up queries (up to 5000 entries in memory, default 1000) - see http://www.openldap.org/faq/data/cache/1075.html for general considerations on OpenLDAP caching
  • set 'checkpoint 512 720': this is a BDB directive telling OpenLDAP to set transactional checkpoint (writing of changed data to disk) to occur when either 512 kilobytes of data have been written to the bdb subsystem or 720 minutes have passed since the last checkpoint; this setting was very very important importing 23 GB of data!
  • define database indexes for frequently issued queries

in <DATA_DIR>/DB_CONFIG (BDB low-level config file):

  • set 'set_cachesize 0 52428800 0': low-level equivalent to 'cachesize 5000', but specific for BDB backend
  • set 'set_flags DB_TXN_NOSYNC': this flag tells the database not to immediately flush transaction buffers to disk

finally, start slapd without or with litte logging (-d switch).

  • No labels