From Linuxnetworks
LDAP indices
To improve performance, you can tell the LDAP server to maintain indices on certain attributes. This leads to much faster searches for these types of attributes.
The LDAP DNS backend mainly searches for values in associatedDomain, so maintaining an index (pres,eq,sub) on this attribute is a big performance improvement:
index associatedDomain pres,eq,sub
Furthermore, if you set ldap-method=strict, the backend uses the aRecord and aAAARecord attributes for reverse mapping of IP addresses to names. Maintaining an index (pres,eq) on these attributes also improves performance of the LDAP server:
index aAAARecord pres,eq
index aRecord pres,eq
Attributes other than associatedDomain, aRecord or aAAARecord are only read if the object matches the specified criteria. Thus, maintaining an index on these attributes is useless.
If you've inserted your entries before adding these statements to your slapd.conf, you have to stop your LDAP server and call slapindex on the command line. This will generate the indices for already existing attributes.
dNSTTL attribute
Converting the string in the dNSTTL attribute to an integer is a time-consuming task. If you don't use a separate TTL value for each entry and use the default-ttl parameter in pdns.conf instead, you will gain approx. 7% better performance for entries that aren't cached. You can still add a dNSTTL attribute to entries that should have a different TTL than the default TTL.
Access method
The method of accessing the entries in the directory affects the performance too. By default, the "simple" method is used to search for entries by their associatedDomain attribute. Alternatively you can choose the "tree" method, whereby the search is done along the directory tree, e.g. "host.example.dom" is translated into "dc=host,dc=example,dc=dom,...". This requires your LDAP DNS subtree layout to be 1:1 to the DNS tree, but then you will gain an additional 7% better performance.
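The name-to-search mapping of the two access methods, as an added example that is not part of the original page and is not PowerDNS code. The base DN, the function names and the search scopes are assumptions; the escaping (RFC 4515 for filters, RFC 4514 for DNs) is included because query names arrive from untrusted clients.

```python
# Added illustration, not PowerDNS code. BASE_DN, the function names and the
# search scopes are assumptions made for this example.
BASE_DN = "ou=hosts,o=example"  # hypothetical search base


def labels_of(qname):
    """Lower-case the query name, drop one trailing root dot, split it."""
    name = qname[:-1] if qname.endswith(".") else qname
    labels = name.lower().split(".")
    if not all(labels):
        raise ValueError("empty label in query name: %r" % qname)
    return labels


def escape_filter_value(value):
    """RFC 4515: hex-escape characters that have meaning in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def escape_rdn_value(value):
    """RFC 4514: escape characters that have meaning in a DN."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in ',+"\\<>;=' or (c == "#" and i == 0) or (c == " " and i in (0, last)):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)


def simple_search(qname):
    """'simple' method: one subtree search on the indexed associatedDomain."""
    name = ".".join(labels_of(qname))
    return BASE_DN, "sub", "(associatedDomain=%s)" % escape_filter_value(name)


def tree_search(qname):
    """'tree' method: each DNS label becomes a dc= RDN; read that one entry."""
    rdns = ["dc=" + escape_rdn_value(label) for label in labels_of(qname)]
    return ",".join(rdns + [BASE_DN]), "base"


if __name__ == "__main__":
    # Constructed query names, including two with LDAP metacharacters.
    for q in ("host.example.dom.", "*)(objectClass=*", "a,dc=x.example.dom"):
        print(q, simple_search(q), tree_search(q), sep="\n  ")
```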

