On Tue, Aug 07, 2007 at 12:32:54PM -0400, Rob Crittenden wrote: > Jonathan Barber wrote: > >Hello all, currently we have a FDS instance running on RHEL4 with a > >small number of entries (6,000), we also have a linux compute cluster of > >100 nodes which uses LDAP for user account data (via libnss_ldap). > > SNIP > > >[0] http://directory.fedoraproject.org/wiki/Performance_Tuning > >[1] > >http://www.mozilla.org/projects/security/pki/nss/nss-3.2-performance-results > >[2] server$ ./selfserv -n "Server-Cert" -p 6000 > > client$ time ./strsclnt -p 6000 server -c 1000 > > strsclnt: -- SSL: Server Certificate Validated. > > strsclnt: 0 cache hits; 1 cache misses, 0 cache not reusable > > strsclnt: 999 cache hits; 1 cache misses, 0 cache not reusable > > > > real 0m0.605s > > user 0m0.795s > > sys 0m0.226s > > Your SSL test is probably not representative of the real world. It did > just one full handshake. You may want to look at the -P and -N options > of strsclnt. It may be that each getent is doing a full handshake. I considered that, but I have the situation where the server is being bogged down instead of the clients, and I don't use client certs to auth. So as I understand it, the server doesn't do any validation and the burden should be on the client and not the server. Additionally, I have "tls_checkpeer no" set on my client's nss_ldap config. Running the same test with the -N option on strsclnt took ~30 seconds. > rob > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Jonathan Barber High Performance Computing Analyst Tel. +44 (0) 1382 386389 -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
