saslauthd performance anxiety

Igor Brezac igor at ipass.net
Wed Jan 1 01:53:16 EST 2003


On Wed, 1 Jan 2003 simon.brady at otago.ac.nz wrote:

> I've just upgraded to imapd 2.1.11, and while it's going fine so far I'm a
> bit concerned about how it will cope under load when our students return.
>
> The problem is that I'm using the saslauthd native LDAP mechanism, and the
> directory it's binding to is quite slow (it's actually a slapd instance
> running a shell backend which routes bind requests to different places
> depending on the usercode - don't ask...). Because saslauthd makes
> synchronous bind calls, it's doesn't take many concurrent requests to
> exhaust the default pool of five instances.
>
> Since it's hard to predict peak usage, I'm tempted to run the daemon with
> the -n0 option so it can spawn as required. However, a colleague has
> pointed out that if something blows up then spawn-on-demand could kill the
> server - with a fixed-size pool, auth requests would fail but the system
> would keep going.
>

How many concurrent authentications do you need?  You can use
testsaslauthd (in $cyrus-sasl/saslauthd) to verify the performance of
saslauthd.

> Can anyone offer advice on tuning the saslauthd pool? Are there particular
> options, either on the command line or in saslauthd.conf, which I should
> be looking at?
>

Try using 'ldap_auth_method: custom'.  It is up to three times faster
than the 'bind' method.

-Igor





More information about the Info-cyrus mailing list