Web lists-archives.com

Re: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable), performance tunning ?




Are use using zarafaAccount=1 withing the search filters? 
I use this things like this : 

(&(objectClass=person)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s))) 
Or for groups.
(&(objectclass=group)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))

That helps a lot.

! If you switch to kopano beware to change the SCHEMA and filters
zarafaAccount changed to kopanoAccount 


Greetz. 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens Gaetan SLONGO via
> samba
> Verzonden: donderdag 23 maart 2017 11:12
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] [Samba 4.5] Very slow LDAP Queries (almost unusable),
> performance tunning ?
> Urgentie: Hoog
> 
> 
> Dear users,
> 
> We are facing to a big latency issue regarding the LDAP Server (both
> encrypted & plain).
> 
> We have a Zarafa mail server which makes a lot of queries and puts a samba
> process to 100% usage. This latency makes the mail server unusable.. The
> mail server was previously on OpenLDAP and there was not performance
> issues.
> 
> A simple LDAP query can take up to 25 sec to perform !!
> 
> We have added some indexes :
> 
> [root@califix ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b
> @INDEXLIST
> # record 1
> dn: @INDEXLIST
> @IDXONE: 1
> @IDXVERSION: 2
> @IDXATTR: objectClass
> @IDXATTR: msDS-Cached-Membership-Time-Stamp
> @IDXATTR: userPrincipalName
> @IDXATTR: rpcNsInterfaceID
> @IDXATTR: fileExtPriority
> @IDXATTR: dnsRoot
> @IDXATTR: mSMQLabelEx
> @IDXATTR: dNSTombstoned
> @IDXATTR: msDS-PhoneticCompanyName
> @IDXATTR: msSFU30Domains
> @IDXATTR: dhcpType
> @IDXATTR: ou
> @IDXATTR: gidNumber
> @IDXATTR: msFVE-VolumeGuid
> @IDXATTR: msTSManagingLS2
> @IDXATTR: implementedCategories
> @IDXATTR: oMTIndxGuid
> @IDXATTR: cOMClassID
> @IDXATTR: volTableIdxGUID
> @IDXATTR: l
> @IDXATTR: mSMQDigests
> @IDXATTR: msTSExpireDate4
> @IDXATTR: flatName
> @IDXATTR: msSFU30YpServers
> @IDXATTR: packageFlags
> @IDXATTR: mSMQOwnerID
> @IDXATTR: objectCategory
> @IDXATTR: msSFU30IsValidContainer
> @IDXATTR: msTSProperty02
> @IDXATTR: mS-DS-CreatorSID
> @IDXATTR: proxyAddresses
> @IDXATTR: msPKI-Cert-Template-OID
> @IDXATTR: uNCName
> @IDXATTR: mS-SQL-Name
> @IDXATTR: fSMORoleOwner
> @IDXATTR: msSFU30NisDomain
> @IDXATTR: otherMailbox
> @IDXATTR: location
> @IDXATTR: msSFU30NetgroupHostAtDomain
> @IDXATTR: uSNChanged
> @IDXATTR: sIDHistory
> @IDXATTR: birthLocation
> @IDXATTR: msDS-SecondaryKrbTgtNumber
> @IDXATTR: msTSProperty01
> @IDXATTR: msTSManagingLS4
> @IDXATTR: msSFU30OrderNumber
> @IDXATTR: msDS-HABSeniorityIndex
> @IDXATTR: primaryGroupID
> @IDXATTR: mSMQQueueType
> @IDXATTR: msDFSR-ReplicationGroupGuid
> @IDXATTR: msDS-PhoneticDepartment
> @IDXATTR: mail
> @IDXATTR: msSFU30Name
> @IDXATTR: msSFU30NetgroupUserAtDomain
> @IDXATTR: fromServer
> @IDXATTR: displayName
> @IDXATTR: msTSLicenseVersion2
> @IDXATTR: groupType
> @IDXATTR: msTSLicenseVersion3
> @IDXATTR: msTSLicenseVersion4
> @IDXATTR: userAccountControl
> @IDXATTR: physicalLocationObject
> @IDXATTR: servicePrincipalName
> @IDXATTR: msTSExpireDate
> @IDXATTR: serviceClassName
> @IDXATTR: lDAPDisplayName
> @IDXATTR: zarafaAccount
> @IDXATTR: terminalServer
> @IDXATTR: givenName
> @IDXATTR: msTSManagingLS3
> @IDXATTR: msSFU30MaxUidNumber
> @IDXATTR: msDS-Entry-Time-To-Die
> @IDXATTR: msTSLSProperty01
> @IDXATTR: msDS-PhoneticFirstName
> @IDXATTR: trustPartner
> @IDXATTR: msTSLSProperty02
> @IDXATTR: msTSExpireDate3
> @IDXATTR: objectGUID
> @IDXATTR: showInAdvancedViewOnly
> @IDXATTR: rpcNsTransferSyntax
> @IDXATTR: sAMAccountName
> @IDXATTR: mS-SQL-Version
> @IDXATTR: msDS-Site-Affinity
> @IDXATTR: sn
> @IDXATTR: name
> @IDXATTR: nETBIOSName
> @IDXATTR: sAMAccountType
> @IDXATTR: msTSManagingLS
> @IDXATTR: msDFSR-DfsPath
> @IDXATTR: altSecurityIdentities
> @IDXATTR: USNIntersite
> @IDXATTR: msSFU30MasterServerName
> @IDXATTR: msDS-PhoneticLastName
> @IDXATTR: cn
> @IDXATTR: netbootGUID
> @IDXATTR: lastLogonTimestamp
> @IDXATTR: legacyExchangeDN
> @IDXATTR: mSMQLabel
> @IDXATTR: uSNCreated
> @IDXATTR: mS-SQL-Database
> @IDXATTR: msDS-PhoneticDisplayName
> @IDXATTR: msSFU30MaxGidNumber
> @IDXATTR: rpcNsObjectID
> @IDXATTR: timeVolChange
> @IDXATTR: msTSExpireDate2
> @IDXATTR: groupAttributes
> @IDXATTR: physicalDeliveryOfficeName
> @IDXATTR: msFVE-RecoveryGuid
> @IDXATTR: msDS-AdditionalSamAccountName
> @IDXATTR: objectSid
> @IDXATTR: keywords
> @IDXATTR: mS-SQL-Alias
> @IDXATTR: invocationId
> @IDXATTR: msTSLicenseVersion
> @IDXATTR: requiredCategories
> @IDXATTR: msDS-AzObjectGuid
> distinguishedName: @INDEXLIST
> 
> There is any way to improve LDAP responses times ? It seems there is only
> one process which is managing LDAP queries (no forks/threads?)
> 
> Thank you in advance for your help !!
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba