List:       ldap
Subject:    [ldap] Apache 2.0 & mod_auth_ldap
From:       "Prohaska, Tim" <tim.prohaska () honeywell ! com>
Date:       2004-04-19 19:57:07
Message-ID: LYRIS-886202-700492-2004.04.19-15.57.31--ldap#progressive-comp.com () listserver ! itd ! umich ! edu

The following snippet is from my efforts to compile Apache2 with
mod_auth_ldap.
In the previous version of mod_auth_ldap, there was an option to let it know
that the SDK was Netscape. Is there an option that I'm missing for this
version?

make results ....
util_ldap.c: In function `util_ldap_connection_open':
util_ldap.c:256: error: `LDAP_OPT_X_TLS_HARD' undeclared (first use in this function)
util_ldap.c:256: error: (Each undeclared identifier is reported only once
util_ldap.c:256: error: for each function it appears in.)
util_ldap.c:257: error: `LDAP_OPT_X_TLS' undeclared (first use in this function)
util_ldap.c: In function `util_ldap_post_config':
util_ldap.c:1223: error: `LDAP_OPT_X_TLS_CACERTFILE' undeclared (first use in this function)


Thanks,
Tim


-----Original Message-----
From: LDAP list digest [mailto:ldap@listserver.itd.umich.edu]
Sent: Friday, April 16, 2004 11:03 PM
To: ldap digest recipients
Subject: ldap digest: April 16, 2004


LDAP Digest for Friday, April 16, 2004.

1. high ldap load
2. Antwort: RE: Antwort: with what should I replace nis?  [Virus
 checked]
3. Re: high ldap load
4. RE: high ldap load

----------------------------------------------------------------------

Subject: high ldap load
From: Mantas Kaulakys <lists@stotis.lt>
Date: Fri, 16 Apr 2004 09:24:14 +0300
X-Message-Number: 1

Hello,

  I use OpenLDAP to authenticate mail users through postfix and
  courier-imap.
  
  I have around 50 domains, with ~700 users.
  slapd is now only used by postfix and courier. I get around 20 msgs/min
  and around 60 pop3 connections/min. I think this is not much at all,
  but my slapd process takes 20-50% of the cpu, I think this is far
  too much..

  My hardware: 2,4 Xeon, 1Gb RAM, etc. OS FreeBSD 5.2.1

  So my question is, how do I minimize the load? Have I configured slapd
  wrong?
  I use, database bdb, loglevel 0 and no indexes.

  My mailserver is inside a jail and slapd is outside, maybe it has
  also something to do with this ?


-- 
Best regards,
 Mantas


----------------------------------------------------------------------

Subject: Antwort: RE: Antwort: with what should I replace nis?  [Virus
 checked]
From: denis.havlik@t-mobile.at
Date: Fri, 16 Apr 2004 10:01:04 +0200
X-Message-Number: 2

> Authentication with pam/ldap over ssl/tls is much slower than with ndis.
> Even without ssl/tls it's slower.

My suggestion was to do authentication with kerberos, and authorisation
with LDAP. You can even do Kerberos authentication with NIS authorisation,
if that's more to your liking. LDAP is nice because it can be used for
authentication of other things, not just UNIX accounts, but this may be
irrelevant to you.

> Isn't there some way to do what we need without pam?

Oh, I'm quite sure there is - write your own login stuff. Obviously this
means "nonstandard" and "lots of work" => I wouldn't recommend it even on
open systems where you have the complete code. On Irix it means even more
work...




----------------------------------------------------------------------

Subject: Re: high ldap load
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Fri, 16 Apr 2004 12:57:52 +0200
X-Message-Number: 3

Fri, 16.04.2004 at 08.24, Mantas Kaulakys wrote:

> I use OpenLDAP to authenticate mail users through postfix and
> courier-imap.
> 
> I have around 50 domains, with ~700 users.
> slapd is now only used by postfix and courier. I get around 20 msgs/min
> and around 60 pop3 connections/min. I think this is not much at all,
> but my slapd process takes 20-50% of the cpu, i think this is far
> too much..
> 
> My hardware: 2,4 Xeon, 1Gb RAM, etc. OS FreeBSD 5.2.1
> 
> So my question is, how do I minimize the load ? Have I configured slapd
> wrong ?
> I use, database bdb, loglevel 0 and no indexes.

You mention nothing about software versions or OS/distro. F.ex. the
original Openldap 2.0.27 on RH RHEL3 has been commented on as being
painfully slow (on RHEL2 it wasn't).

Definitely index all attributes used for your Postfix mail and watch
logs at d256 to see which index qualifiers slapd barfs about.

Running ldapi instead of tcp on the same machine boosts performance.

If you're running recent Openldap (preferably 2.1.29 or 2.2.9) a
proxy-cache slave slapd  on the same or another machine should increase
performance dramatically.

> My mailserver is inside a jail and slapd is outside, maybe it has
> also something to do with this ?

Most probably not.

--Tonni

-- 

Cat vomit on the floor
after the weary homecoming,
arouses little disgust.
Faithful as a child
the cat bids welcome,
perhaps gets some nibbles yet.

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
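
[Added example, not part of the message above or of any poster's code: one way to act on the "index what Postfix searches on, and watch the logs at 256" advice is to tally the attributes that appear in slapd's stats-level (loglevel 256) SRCH filter lines and turn them into slapd.conf index directives. The log lines, host name and attribute names below are constructed samples.]

```python
import re
from collections import Counter

# Constructed slapd syslog lines in the "stats" (loglevel 256) format; not from the thread.
SAMPLE_LOG = """\
Apr 16 09:24:14 mx slapd[411]: conn=101 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=mailUser)(mail=alice@example.com))"
Apr 16 09:24:14 mx slapd[411]: conn=101 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 16 09:24:15 mx slapd[411]: conn=102 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(|(mail=bob@example.org)(mailAlternateAddress=bob@example.org))"
Apr 16 09:24:16 mx slapd[411]: conn=103 op=0 BIND dn="uid=carol,dc=example,dc=com" method=128
Apr 16 09:24:16 mx slapd[411]: conn=104 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=carol)"
Apr 16 09:24:17 mx slapd[411]: conn=105 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(cn=*smith*)"
Apr 16 09:24:18 mx slapd[411]: conn=106 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(mail=*)"
"""

SRCH_RE = re.compile(r'\bSRCH\b.*?\bfilter="(.*)"')
# One filter item: (attr<op>value) where <op> is =, ~=, >= or <=
ITEM_RE = re.compile(r'\(([A-Za-z][\w.;-]*?)(~=|>=|<=|=)([^()]*)\)')

def index_kind(op, value):
    """Map one filter item to the slapd index type that would serve it."""
    if op == "~=":
        return "approx"
    if op != "=":
        return None              # ordering matches: no suggestion made here
    if value == "*":
        return "pres"            # presence test, e.g. (mail=*)
    return "sub" if "*" in value else "eq"

def suggest_indexes(log_text):
    """Return slapd.conf 'index' lines for the attributes seen in search
    filters, most frequently searched attribute first."""
    hits, kinds, names = Counter(), {}, {}
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if not m:
            continue
        for attr, op, value in ITEM_RE.findall(m.group(1)):
            kind = index_kind(op, value)
            if kind is None:
                continue
            base = attr.split(";")[0]      # drop attribute options
            key = base.lower()             # attribute names are case-insensitive
            names.setdefault(key, base)
            kinds.setdefault(key, set()).add(kind)
            hits[key] += 1
    order = sorted(hits, key=lambda k: (-hits[k], k))
    return [f"index {names[k]} {','.join(sorted(kinds[k]))}" for k in order]

if __name__ == "__main__":
    print("\n".join(suggest_indexes(SAMPLE_LOG)))
```

[The suggestions only cover filters that actually appear in the log window examined, so run it over a period that includes both the Postfix and the courier-imap lookups.]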


----------------------------------------------------------------------

Subject: RE: high ldap load
From: Digant Kasundra <digant@uta.edu>
Date: Fri, 16 Apr 2004 15:14:36 -0500
X-Message-Number: 4

I'm curious if you are using IBM Dual Xeon? 

I had a high load/slow performance issue with my IBM Dual Xeon machines.  I
thought it was OpenLDAP generating a high load but when I did vmstat and
checked out my wa column, I came to realize that there were many idle
processes waiting for I/O on the disk.  For some reason, my SCSI disks were
really slow and causing lots of waits for access, which in turn was driving
up the cpu load on the machine.

I didn't find a solution, however.  I was just lucky those machines were
test boxes and that my production machines had excellent disk I/O speeds.



-----------------------------
Digant C Kasundra
Software Systems Specialist
Office of Information Technology
University of Texas at Arlington
(817) 272-1291 - digant@uta.edu	
 
To request technical support, please
contact our computing Help Desk at
817-272-2208 or helpdesk@uta.edu.


> -----Original Message-----
> From: Mantas Kaulakys [mailto:lists@stotis.lt] 
> Sent: Friday, April 16, 2004 1:24 AM
> To: ldap@umich.edu
> Subject: [ldap] high ldap load
> 
> 
> Hello,
> 
> I use OpenLDAP to authenticate mail users through postfix and
> courier-imap.
> 
> I have around 50 domains, with ~700 users.
> slapd is now only used by postfix and courier. I get around 
> 20 msgs/min
> and around 60 pop3 connections/min. I think this is not much at all,
> but my slapd process takes 20-50% of the cpu, i think this is far
> too much..
> 
> My hardware: 2,4 Xeon, 1Gb RAM, etc. OS FreeBSD 5.2.1
> 
> So my question is, how do I minimize the load ? Have I 
> configured slapd wrong ?
> I use, database bdb, loglevel 0 and no indexes.
> 
> My mailserver is inside a jail and slapd is outside, maybe it has
> also something to do with this ?
> 
> 
> -- 
> Best regards,
> Mantas
> 
> 
> ---
> You are currently subscribed to ldap@umich.edu as: 
> [digant@uta.edu] To unsubscribe send email to 
> ldap-request@umich.edu with the word UNSUBSCRIBE as the 
> SUBJECT of the message.
> 



---

END OF DIGEST

---
You are currently subscribed to ldap@umich.edu as:
[tim.prohaska@honeywell.com]
To unsubscribe send email to ldap-request@umich.edu with the word
UNSUBSCRIBE as the SUBJECT of the message.
