Jonathan Barber wrote: > Hello all, currently we have a FDS instance running on RHEL4 with a > small number of entries (6,000), we also have a linux compute cluster of > 100 nodes which uses LDAP for user account data (via libnss_ldap). SNIP > [0] http://directory.fedoraproject.org/wiki/Performance_Tuning > [1] http://www.mozilla.org/projects/security/pki/nss/nss-3.2-performance-results > [2] server$ ./selfserv -n "Server-Cert" -p 6000 > client$ time ./strsclnt -p 6000 server -c 1000 > strsclnt: -- SSL: Server Certificate Validated. > strsclnt: 0 cache hits; 1 cache misses, 0 cache not reusable > strsclnt: 999 cache hits; 1 cache misses, 0 cache not reusable > > real 0m0.605s > user 0m0.795s > sys 0m0.226s Your SSL test is probably not representative of the real world. It did just one full handshake. You may want to look at the -P and -N options of strsclnt. It may be that each getent is doing a full handshake. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070807/f80a41bf/attachment.bin
