[K12OSN] smb/ldap performance

Glenn Arnold garnold at unrealsolutions.com
Thu Jul 20 20:52:18 UTC 2006


Our school network has about 3000 users and I am running Red Hat ES 3.0,
openldap-2.1.22-8, samba 3.0.22 and smbldap-tools 0.8.5 as a samba PDC.
My goal before school starts is to improve performance of adding users
with webmin.  The server at max might have 200 users accessing it at
once for file and print sharing and authentication. The current server
hardware the smb/ldap PDC is on is a Compaq Proliant 7000 dual Xeon
PII 450MHz / 2MB cache with 3GB of RAM, and I plan to move the ldap and
samba PDC to a Dell PowerEdge 2850 dual 2.8GHz with 4GB of RAM.  This
change alone should improve performance of webmin when adding users that
are members of 2 or more groups.  But what I would like to find out is:
is anybody on this list running a smb/ldap server with 3000 users, using
webmin to create users, and getting good performance out of webmin when
adding users with two or more groups associated with the user you're
creating?  For example, I can add a user and it takes a minute or 2
just to create the user when you click create.  This has become
frustrating for my helpers and me when creating accounts.  Also, I would
like some help with my slapd.conf, to see if I have my settings optimized
for my setup.

Slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema

access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=nssldap,ou=DSA,dc=somewhere,dc=net" write
      by self write
      by anonymous auth
      by * none
# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid,loginshell
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by * read
# some attributes can be writable by users themselves
access to attrs=description,telephoneNumber
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by self write
      by * read
# some attributes need to be writable for samba
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by self read
      by * none
# samba needs to be able to create the samba domain account
access to dn.base="dc=somewhere,dc=net"
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by * none
# samba needs to be able to create new user accounts
access to dn="ou=Users,dc=somewhere,dc=net"
      by dn="cn=samba,ou=DSA,dc=somewhere,dc=net" write
      by dn="cn=smbldap-tools,ou=DSA,dc=somewhere,dc=net" write
      by * none
# this can be omitted but we leave it: there could be other branch
# in the directory
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * none
access to *
      by * read
#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=somewhere,dc=net"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=Manager,dc=somewhere,dc=net"
rootpw          {SSHA}rCWryJIyAP66u64ALA6gRREQ7j2bJH0T
directory       /var/lib/ldap

#performance mods
loglevel 256
sizelimit 100000
cachesize 100000
dbcachesize 30000000

# Indices to maintain
index   objectClass,uidNumber,gidNumber                 eq
index   cn,sn,uid,displayName                           pres,sub,eq
index   memberUid,mail,givenname                eq,subinitial
index   sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq

Thanks in advance!
-Glenn
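
Added example, not part of the original post: slapd evaluates "access to" clauses in file order and stops at the first one that matches, so an attribute repeated in a later attrs= list never reaches that later clause. The Python sketch below replays the posted attrs= clauses under that rule; the function names are hypothetical, the "by dn=..." lines and the entry-scoped clauses are left out, and requesters are simplified to self, anonymous or anyone else.

```python
import re
# Constructed sample: attrs= clauses of the posted slapd.conf in file order, minus "by dn=" lines and entry-scoped clauses
CONF = """\
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
      by self write
      by anonymous auth
      by * none
access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid,loginshell
      by * read
access to attrs=description,telephoneNumber
      by self write
      by * read
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
      by self read
      by * none
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * none
access to *
      by * read
"""

def parse(conf):
    rules = []  # [(set of attrs, or None for "*", [(who, level), ...])] in file order
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"access to (?:attrs=(\S+)|\*)$", line)
        if m:
            rules.append((m.group(1) and set(m.group(1).lower().split(",")), []))
        elif line.startswith("by "):
            rules[-1][1].append(tuple(line.split()[1:3]))
    return rules

def effective(rules, attr, who):
    # First matching "access to" clause wins, then the first matching "by" line
    for n, (attrs, bys) in enumerate(rules, 1):
        if attrs is None or attr.lower() in attrs:
            hit = [lvl for w, lvl in bys if w in (who, "*")]
            return n, (hit[0] if hit else "none")  # implicit trailing "by * none"
    return 0, "none"

def shadowed(rules):
    # (clause, attribute, earlier clause) for attributes an earlier clause already claims
    first, out = {}, []
    for n, (attrs, _) in enumerate(rules, 1):
        for a in sorted(attrs or ()):
            if first.setdefault(a, n) != n:
                out.append((n, a, first[a]))
    return out
```

On this sample, shadowed(parse(CONF)) reports every attribute of clause 5 as already claimed by clause 1, which agrees with the comment in the file that the clause can be omitted.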



