saslauthd performance anxiety
simon.brady at otago.ac.nz
simon.brady at otago.ac.nz
Thu Jan 9 06:51:29 EST 2003
On Wed, 1 Jan 2003, Kervin L. Pierre wrote:
> Maybe you should seriously consider moving from back-shell to back-perl,
> which you can optimize much more and is probably quicker right of the
> bat, since it does not spawn a separate process for the interpreter.
>
> Better still, have you thought of back-meta or back-ldap? These were
> designed for ldap routing.
Hmmm, good suggestions. I'd looked at the OpenLDAP 2.1 Admin Guide early
on, and nothing in it jumped out at me as justifying going beyond 2.0.27
(the words "latest stable" have a warm glow about them...). If I'd known
about these other back-ends I would probably have decided differently.
Given that 2.1 is a big unknown to us (and it seems to want things like
DB4 which we don't have experience with), I'm not keen on dropping it into
production without some serious testing. Still, it sounds like just what
we need.
(On the subject of OpenLDAP and back-shell, I should also mention that we
uncovered a nasty race condition that can lead to deadlocked shell
subprocesses. The bug report and fix are at
http://www.OpenLDAP.org/its/index.cgi?findid=2262)
> I suspect you're optimizing the the wrong bottleneck.
You are sooo right - I upped the saslauthd pool enough to prevent
exhaustion, and we were fine for the first few days until the users came
back. By about 9am Friday the CPU overhead of spawning all those perl
processes had authentication timing out horribly (and the above-mentioned
deadlock issue didn't help either). And that was just the start...
In the end I reduced the load by hacking saslauthd (as described in my
reply to Igor), which bought us time to write and test a C replacement for
the perl. Of course the perl is much easier to understand and maintain, so
going to a smart back-end is a better long-term solution.
Oh well, live and learn... Thanks for the advice all the same!
Simon Brady mailto:simon.brady at otago.ac.nz
Systems Specialist Ph. +64 3 479-5217
ITS Technical Services Fax +64 3 479-5080
University of Otago, Dunedin, New Zealand Mobile +64 27 411-6045
More information about the Info-cyrus
mailing list