On 11/15/2016 11:58 AM, Marc Sauton wrote:
What is the test filter like?
my $LDAP_BASE = 'dc=dept,dc=uni,dc=edu';
my $LDAP_ATTRS = [qw/cn/];
my $LDAP_FILTER = '(cn=sysadm)';
...
my $ldap =
Net::LDAP->new( $LDAP_SERVER, timeout => $TIMEOUT, onerror =>
'die' )
or die "error: connect failed: $LDAP_SERVER: $@";
# anon binds must be permitted by server
my $mesg = $ldap->bind();
$mesg = $ldap->search(
base => $LDAP_BASE,
filter => $LDAP_FILTER,
attrs => $LDAP_ATTRS
);
Can we see a sanitized sample of the access log with the SRCH and RESULT?
I'm working on getting that during a CPU spike, as well as the gdb
stacktraces that Rich requested.
If using SSL, review the output of
cat /proc/sys/kernel/random/entropy_avail
SSL is available, but we don't operate all of the clients, so I'm not
sure how many use it. At the moment, that file's content is a number
around 150 on each server.
Do we have replication? (and large attribute values?)
Yes on replication. Unsure about large attribute values.
You may want to run the "dbmon.sh" script to monitor cache usage for
db cache and entry cache, try to capture a few samples of line about
dbcachefree and userroot:ent (if the db with the problems is
userroot), when the searches are becoming too long, like this example:
INCR=1 HOST=m2.example.com <http://m2.example.com>
BINDDN="cn=directory manager" BINDPW="password" VERBOSE=2
/usr/sbin/dbmon.sh
and review the ns-slapd errors and system messages log files for any
unusual activity.
I'm watching that now. At the moment, output looks like:
dbname count free free% size
userroot:ent 3606 78696358 75.1 7254.9
userroot:dn 3606 10162904 96.9 89.5
what is the ns-slapd memory foot print from restart to slow responses?
A couple of seconds after startup:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
COMMAND
32654 ldap 20 0 2740472 84884 37396 S 1.7 4.5 0:00.99
ns-slapd
And then a minute later:
32654 ldap 20 0 2742196 88060 37504 S 32.9 4.7 0:05.65
ns-slapd
any "too high" disk i/o? (or "bad" ssd?)
There's more write activity than I'd expect (reported by iostat), and
the slapd db files show mtime updates regularly, but I've enabled the
audit log and see no updates logged. That's what I'd expect; we don't
anticipate many writes to these DBs.
# find /var/lib/dirsrv/slapd-master1/ -type f -mmin -5 | xargs ls -l
-rw-------. 1 ldap ldap 2408448 Nov 15 21:01
/var/lib/dirsrv/slapd-master1/db/__db.001
-rw-------. 1 ldap ldap 7380992 Nov 15 21:01
/var/lib/dirsrv/slapd-master1/db/__db.002
-rw-------. 1 ldap ldap 22897880 Nov 15 21:01
/var/lib/dirsrv/slapd-master1/db/__db.003
# date
Tue Nov 15 21:01:09 UTC 2016
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
