Directory Server Performance Tuning

Completing a Sun Directory Server performance benchmark is not a simple task, and requires much planning and knowledge to be completed successfully. In any performance benchmark, one of the final phases is the wrap-up phase that consists of specific activities required to collect and analyze data (testing and configuration). This normally includes throughput, latency and utilization. With this in mind, we look now at some pertinent information about tuning the directory server.

One of the main factors limiting server performance is the amount of time it takes to update information in files on the physical disks of the machine on which the directory is running. When a write operation of any type is performed, the directory writes information to files in many different places. Appropriate indexes are updated. The update is noted in the transaction log. The change log is updated if replication is to be performed. In order to guarantee the integrity of its data, the directory never considers a write operation complete until the underlying operating system has confirmed that all of the appropriate files have been updated on physical media. Since disk access is significantly slower than memory access, write operations are often many times slower than reads, as reads are often completed out of the inmemory caches. Therefore, anything that reduces or eliminates disk traffic speeds updates. Although disk configuration (which was covered in Chapter 8 "Selecting Storage for Optimum Directory Server Performance") and other hardware resources play a factor, the configuration of the server can have a huge impact on the performance of the directory server. The tuning parameters listed in TABLE 9-5 through TABLE 9-26 are key to the performance of the directory server.

Core Sun ONE Directory Server Software Configuration

Table 9-5. `cn=config`

Attribute	`nsslapd-accesslog`
Default Value	< ServerRoot >/< slapd-serverID> `/logs/access`
Comment	Used to specify the location of the access log files
Tuning Recommendation(s)	Storing log files on a separate volume can help reduce the I/O overhead associated with logging.

Table 9-6. `cn=config`

Attribute	`nsslapd-errorlog`
Default Value	< ServerRoot >/< slapd-serverID> `/logs/error`
Comment	Used to specify the location of the error log files
Tuning Recommendation(s)	Storing log files on a separate volume can help reduce the I/O overhead associated with logging.

Table 9-7. `cn=config`

Attribute	`nsslapd-auditlog`
Default Value	< ServerRoot >/< slapd-serverID> `/logs/audit`
Comment	Used to specify the location of the audit log files
Tuning Recommendation(s)	Storing log files on a separate volume can help reduce the I/O overhead associated with logging.

Table 9-8. `cn=config`

Attribute	`nsslapd-accesslog-logbuffering`
Default Value	`on`
Comment	Indicates whether the server buffers access log information in memory for delayed writes in bulk, or commits this information immediately to disk.
Tuning Recommendation(s)	Buffering is enabled by default, which provides better performance. However, if the server shuts down abruptly or is killed , it is possible that some log data will not be written.

Table 9-9. `cn=config`

Attribute	`nsslapd-maxdescriptors`
Default Value	`65536`
Comment	Indicates whether the server buffers access log information in memory for delayed writes in bulk, or commits this information immediately to disk.
Tuning Recommendation(s)	Since each connection to the server consumes a file descriptor, this configuration attribute can have an impact on the number of concurrent connections that the server can handle. Note that increasing this value may require changes to the Operating System configuration to support more file descriptors.

Table 9-10. `cn=config`

Attribute	`nsslapd-threadnumber`
Default Value	`30`
Comment	Specifies the number of worker threads that are used by the directory server to handle requests .
Tuning Recommendation(s)	We have found that the directory server exhibits best performance when the number of worker threads is a multiple of the number of CPUs in the system, however it should be at least 16 or 20 to prevent the server from becoming unresponsive if a number of inefficient queries are requested at the same time.

Table 9-11. `cn=config`

Attribute	`nsslapd-schemacheck`
Default Value	`on`
Comment	Specifies whether the directory server enforces schema checking.
Tuning Recommendation(s)	Although disabling this configuration parameter may improve performance for imports and update operations, it also introduces the danger that information added to the database is not valid and possibly may not be able to be found by clients under some circumstances. Therefore, it is recommended that schema checking only be disabled on master servers only for imports, or only for cases in which it is possible to guarantee that all clients accessing the server will always use entries conforming to the server schema definitions (this includes administrators who might make changes using `ldapmodify` , where a typo could easily result in a change that violates schema).

Table 9-12. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-allidsthreshold`
Default Value	`4000`
Comment	Specifies the maximum number of entries allowed to match any single index key.
Tuning Recommendation(s)	If this value is too high, the server performance can degrade for update operations. If it is too low, valid searches that match more than this number of entries might take significantly longer to complete.

Table 9-13. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-directory`
Default Value	< ServerRoot >/< slapd-serverID> `/db`
Comment	Specifies the base location for the directory server database files.
Tuning Recommendation(s)	In most cases, this can be left unchanged because these files contain only parent information for the database. Each back end makes it possible to specify the location of its own database files.

Table 9-14. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-dbcachesize`
Default Value	`10485760` (10Mb)
Comment	Specifies the amount of memory (in bytes) allocated for use in caching database information.
Tuning Recommendation(s)	This database cache contains pages of the database files (including indexes and id2entry files). Any time it is necessary to access information in the database, it is significantly faster if this information is in the database cache than if it is necessary to retrieve the information from the disk-based database.

Table 9-15. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-logdirectory`
Default Value	< ServerRoot >/< slapd-serverID> `/db`
Comment	Specifies the location for the database transaction log files.
Tuning Recommendation(s)	The process of writing the transaction log files can be very I/O intensive , so it is highly recommended that these files be separated onto their own disk subsystem for best performance.

Table 9-16. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-db-home-directory`
Default Value	< ServerRoot >/< slapd-serverID> `/db`
Comment	Specifies the location of the backing files that the database uses to hold the memory-mapped database cache.
Tuning Recommendation(s)	For best performance, these files should be moved to a tempfs file system (for example., a subdirectory under `/tmp` ).

Table 9-17. `cn=config, cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-import-cachesize`
Default Value	`20971520` (20Mb)
Comment	Specifies the amount of memory that may be used for caching data during bulk imports (imports performed with `ldif2db` or `ldif2db.pl` ).
Tuning Recommendation(s)	Making more memory available (up to some point, which varies based on the server configuration and the data being imported) can improve the performance of the server during a bulk import.

Table 9-18. `cn={backend- name },cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-cachesize`
Default Value	`-1`
Comment	Specifies the maximum number of entries that may be held in the entry cache.
Tuning Recommendation(s)	This is a legacy parameter used primarily for migration from 4.x versions of the server. It is recommended that the default value of `-1` (no limit) be used and that the `nsslapd-cachememsize` be used to specify the amount of memory for use by the entry cache.

Table 9-19. `cn={backend-name},cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-cachememsize`
Default Value	`10485760` (10Mb)
Comment	Specifies the amount of memory that can be used for caching entries from this back end (that is, the entry cache).
Tuning Recommendation(s)	Whenever the server needs to retrieve an entry, it is much faster to do so from the entry cache than if it is necessary to retrieve the information from the database. Therefore, the more memory that can be used for entry caching (up to the point at which all entries are cached), the more likely it is that a given entry is in the cache.

Table 9-20. `cn={backend-name},cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-require-index`
Default Value	`off`
Comment	Specifies whether searches in this back end are required to be indexed. Indexed searches are significantly faster than unindexed searches, and unindexed searches can consume a great deal of CPU and memory.
Tuning Recommendation(s)	It is recommended therefore that appropriate indexes be defined and that the server require indexed searches.

Table 9-21. `cn={backend-name},cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-single-writer`
Default Value
Comment	Specifies whether a single or multiple threads are used when writing information to the database.
Tuning Recommendation(s)	Although using multiple threads to write to the database can yield significantly better update performance than a single thread, it also introduces a very real risk of corrupting the database. This is an experimental parameter and it should not be set to `off` under any circumstances in a directory deployment.

Table 9-22. `cn={backend-name},cn=ldbm database,cn=plugins,cn=config`

Attribute	`nsslapd-directory`
Default Value
Comment	Specifies the location of the database files associated with this back end.
Tuning Recommendation(s)	Each back end used to service a large number of requests (either read or write) can benefit greatly from having its database files stored on a different disk subsystem.

Note

The referential integrity plug-in is disabled by default, but it is needed in many environments. If it is used, then the following changes should be made.

Table 9-23. `cn=referential integrity postoperation,cn=plugins,cn=config`

Attribute	`nsslapd-pluginarg0`
Default Value
Comment	This parameter specifies the update interval for operations performed by the referential integrity plug-in.
Tuning Recommendation(s)	Its default value of zero is very bad for performance, particularly when several delete and/or modify DN operations are in progress concurrently in the server. A value of around 90 is a much better setting.

Table 9-24. `cn=referential integrity postoperation,cn=plugins,cn=config`

Attribute	`nsslapd-pluginarg3, nsslapd-pluginarg4, nsslapd-pluginarg5, ...`
Default Value	`member, uniquemember, owner, ...`
Comment	These plug-in arguments specify the attributes for which referential integrity is maintained .
Tuning Recommendation(s)	Equality indexes must be defined for these attributes in all databases. If any of these attributes do not have equality indexes, delete or modify DN operations can cause significant CPU and memory consumption.

Table 9-25. `cn={attr-name},cn=index,cn={backend-name},cn=ldbm database,cn=plugins,cn=config`

Attribute	`cn`
Default Value	N/A
Comment	Specifies the name of the attribute to index. A separate configuration entry is used for each indexed attribute in each back end.
Tuning Recommendation(s)	It is important that attributes referenced in search filters be indexed appropriately to ensure that indexes can be used to perform the searches. Similarly, maintaining indexes for attributes that are not used in search filters can degrade update performance. Note that this applies only to attributes that are not used for system indexeseven though they are not referenced in search filters, having appropriately defined indexes for those attributes is critical to ensuring directory server performance.

Table 9-26. `cn={attr-name},cn=index,cn={backend-name},cn=ldbmdatabase,cn=plugins,cn=config`

Attribute	`nsIndexType`
Default Value
Comment	Specifies the type(s) of indexes that are maintained for the associated attribute.
Tuning Recommendation(s)	Substring indexes impose the most significant performance penalty and should therefore be limited to only those attributes that absolutely require them.

Table 9-5. cn=config

Table 9-6. cn=config

Table 9-7. cn=config

Table 9-8. cn=config

Table 9-9. cn=config

Table 9-10. cn=config

Table 9-11. cn=config

Table 9-12. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-13. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-14. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-15. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-16. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-17. cn=config, cn=ldbm database,cn=plugins,cn=config

Table 9-18. cn={backend- name },cn=ldbm database,cn=plugins,cn=config

Table 9-19. cn={backend-name},cn=ldbm database,cn=plugins,cn=config

Table 9-20. cn={backend-name},cn=ldbm database,cn=plugins,cn=config

Table 9-21. cn={backend-name},cn=ldbm database,cn=plugins,cn=config

Table 9-22. cn={backend-name},cn=ldbm database,cn=plugins,cn=config

Table 9-23. cn=referential integrity postoperation,cn=plugins,cn=config

Table 9-24. cn=referential integrity postoperation,cn=plugins,cn=config

Table 9-25. cn={attr-name},cn=index,cn={backend-name},cn=ldbm database,cn=plugins,cn=config

Table 9-26. cn={attr-name},cn=index,cn={backend-name},cn=ldbmdatabase,cn=plugins,cn=config