[Freeipa-users] bind-dyndb-ldap vs DLZ

Jorgen Lundman lundman at lundman.net
Fri Mar 27 06:45:56 UTC 2015


> Hmm, that stinks! I would be happy to look into it if you can provide me with
> output from a profiler of your choice. (It might be a good idea to profile
> bind-dyndb-ldap together with whole named process to see all the interactions.)
> 

Hold those horses. I must admit this timing didn't sit right with me, the
more I thought about it. Since my test was all new, I created a slapd.conf
from scratch. Forgot all about entryUUID index!

I took out the creations of the empty master/$domain/keys directories. We
don't use any of that.

I noticed that it's not the syncrepl that is slow, it is the MOD update of
all idnsSOAserial.  Unfortunately, they are all on one connection, so
increasing
        arg "connections 15";
does not help.

I took out the updates of idnsSOAserial by making
ldap_replace_serial(return ISC_R_SUCCESS);

Startup time is just under 2 minutes. I can certainly live with that. Just
got to work out if we can actually use it without idnsSOAserial or not. We
have just ldap master using syncrepl to each DNS server's local slapd. Then
named to use that. No xfers, no slaves etc.

Shutdown is still slow, but that appears to be a Solaris bug: after all
zones are shut down and listening ports released, it sits around calling
lwp_park and unpark for 10 minutes. I can debug that later.



-- 
Jorgen Lundman       | <lundman at lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)



