Monday May 31, 2010

Large groups...

Sometimes ACIs evaluation on large (static) groups can play a significant role in Directory Server performances, especially when there are applications that makes massive and frequent queries to evaluate group membership.


Directory Server (since 5.2patch3) has a nice feature to handle the behavior of these queries, since ACIs are generally small instructions, they are cached into the for a faster access... but to avoid having too much space


nsslapd-groupevalsizelimit


maximum number of
members in a group during acl evaluation ( there is a parameter for that
(forgot which one but I could search )

    acl would be rejected and not kept in cache in that case ...

Friday May 15, 2009

etime in microseconds

To set the etimes in the access log in microseconds, we need to set the following:


# ldapmodify -D <DIRECTORY_MANAGER> -w <PASSWORD> -p <PORT> -h <HOST>
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-level
nsslapd-accesslog-level: 131328
\^D

Monday Apr 06, 2009

Basic TCP/IP Tuning

These are only some tips about the TCP/IP stack tuning suggested for Directory Server:

ndd -set /dev/tcp tcp_conn_req_max_q 1024
ndd -set /dev/tcp tcp_keepalive_interval 600000
ndd -set /dev/tcp tcp_ip_abort_cinterval 10000
ndd -set /dev/tcp tcp_ip_abort_interval 60000
ndd -set /dev/tcp tcp_strong_iss 2
ndd -set /dev/tcp tcp_smallest_anon_port 8192
ndd -set /dev/tcp tcp_naglim_def 1


In any case tuning is NEVER a one-shot. It's an iterative process in which you apply and measure the changes, possibly once per time.

About

Marco Milo

Search

Archives
« August 2015
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
     
Today