openldap2.4.45 mdb 写入性能提升配置

来源：互联网发布：淘宝国际货运怎么发货编辑：程序博客网时间：2024/05/23 21:49

编译安装openldap

[yeqiang@localhost openldap-2.4.45]$ ./configure[yeqiang@localhost openldap-2.4.45]$ make depend[yeqiang@localhost openldap-2.4.45]$ make[yeqiang@localhost openldap-2.4.45]$ sudo make install

编辑slapd.ldif文件

## See slapd-config(5) for details on configuration options.# This file should NOT be world readable.#dn: cn=configobjectClass: olcGlobalcn: configolcLogLevel: nonestructuralObjectClass: olcGlobalcreatorsName: cn=configolcIdleTimeout: 30olcThreads: 8### Define global ACLs to disable default read access.#olcArgsFile: /usr/local/var/run/slapd.argsolcPidFile: /usr/local/var/run/slapd.pid## Do not enable referrals until AFTER you have a working directory# service AND an understanding of referrals.#olcReferral:ldap://root.openldap.org## Sample security restrictions#Require integrity protection (prevent hijacking)#Require 112-bit (3DES or better) encryption for updates#Require 64-bit encryption for simple bind#olcSecurity: ssf=1 update_ssf=112 simple_bind=64## Load dynamic backend modules:##dn: cn=module,cn=config#objectClass: olcModuleList#cn: module#olcModulepath:/usr/local/libexec/openldap#olcModuleload:back_bdb.la#olcModuleload:back_hdb.la#olcModuleload:back_ldap.la#olcModuleload:back_passwd.la#olcModuleload:back_shell.ladn: cn=schema,cn=configobjectClass: olcSchemaConfigcn: schemainclude: file:///usr/local/etc/openldap/schema/core.ldifinclude: file:///usr/local/etc/openldap/schema/cosine.ldifinclude: file:///usr/local/etc/openldap/schema/inetorgperson.ldif# Frontend settings#dn: olcDatabase=frontend,cn=configobjectClass: olcDatabaseConfigobjectClass: olcFrontendConfigolcDatabase: frontend## Sample global access control policy:#Root DSE: allow anyone to read it#Subschema (sub)entry DSE: allow anyone to read it#Other DSEs:#Allow self write access#Allow authenticated users read access#Allow anonymous users to authenticate##olcAccess: to dn.base="" by * read#olcAccess: to dn.base="cn=Subschema" by * read#olcAccess: to *#by self write#by users read#by anonymous auth## if no access controls are present, the default policy# allows anyone and everyone to read anything but restricts# updates to rootdn.  (e.g., "access to * by * read")## rootdn can always read and write EVERYTHING!######################################################################### LMDB database definitions########################################################################dn: olcDatabase=mdb,cn=configobjectClass: olcDatabaseConfigobjectClass: olcMdbConfigolcDatabase: mdbOlcDbMaxSize: 1073741824000olcDbCheckpoint: 8192 15olcLastMod: TRUEolcDbNoSync: TRUEolcSuffix: c=cnolcRootDN: cn=Manager,c=cn# Cleartext passwords, especially for the rootdn, should# be avoided.  See slappasswd(8) and slapd-config(5) for details.# Use of strong authentication encouraged.olcRootPW: secret# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools.# Mode 700 recommended.olcDbDirectory:/usr/local/var/openldap-data# Indices to maintainolcDbIndex: objectClass eqolcDbIndex: c eqolcDbIndex: cn eqolcDbIndex: sn eq

运行脚本准备目录、初始化及启动服务器，脚本如下：

rm /usr/local/etc/openldap/slapd.d -rfmkdir /usr/local/etc/openldap/slapd.d  -prm /usr/local/var/openldap-data/* -rfrm /usr/local/var/run -rfmkdir /usr/local/var/run -p#use my config filecp slapd.ldif /usr/local/etc/openldap/slapd.ldif -f/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/openldap/slapd.d -l /usr/local/etc/openldap/slapd.ldif#start server/usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.dldapadd -x -D "cn=Manager,c=cn" -W -f /rootdn.ldif

其中rootdn.ldif内容如下

dn: c=cn objectclass: countryc: cndn: cn=Manager,c=cnobjectclass: organizationalRolecn: Manager

实际测试16线程写入，每次约1.1KB数据，平均写入性能7000次/秒

CPU：Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

内存： 16G

硬盘：固态

Docekr：Docker version 1.8.2-fc22, build cb216be/1.8.2（docker中安装启动的openldap服务器，会比物理机器上跑有约20%性能损失）

阅读全文

0 0