Ldap & slapd

Back in 2004 I was playing a lot with OpenLDAP. Getting it to run reliably turned out more challenging than I had originally planned for:

  1. BerkeleyDB performance was terrible if the proper tunings were not provided. Nowhere in the docs was mentioned that this was necessary. The way to do it was to drop a DB_CONFIG file in the top level directory of the database. Not a feature of openldap, rather a feature of BerkeleyDB.
  2. Not only performance would be terrible, but even the latest BerkeleyDB versions at the time had a bug (feature?) by which with the indexes used by openldap the database would deadlock if certain parts of the index did not fit in memory. I don't remember the details of the problem, it's been too long, but I do remember it was painful, and ended up submitting changes to the openldap package in debian to make sure this was mentioned in the documentation, and that a reasonable default would be provided.
  3. At the time, OpenLDAP supported two kind of backends: BDB, and HDB, both based on BerkeleyDB. The first, older, did not support operations like 'movedn', which had been standardized in the LDAP protocol for a while, and a few other features that HDB had. HDB though, was marked as experimental. During our use, we found several bugs.

I ended up writing a tool, ldap-torture, to stress test LDAP. You can find it here: https://github.com/ccontavalli/ldap-torture

It allowed us to find a few more bugs, and get them fixed. I hadn't used that tool until yesterday, when I decided to put it on github and try to get it running again. Let's see if I succeed :)

A quick tip if you are getting started with openldap on debian: READ THE DOCUMENTATION! Start from /usr/share/doc/slapd/, the README.Debian.gz is the first file you want to read, followed by README.DB_CONFIG.gz.


Other posts

  • Speeding up the Carbon X1 Trackpad Let's say you have a Carbon X1 5th gen . Let's say your trackpoint is an TPPS/2 Elan TrackPoint (and you can check this by running xinput |grep -i Tr...
  • Docker networking on Linux When you run a an application under docker, you have a few different mechanisms you can choose from to provide networking connectivity. This article ...
  • Resizing an encrypted filesystem with LVM on Linux I recently had to increase the size of an encrypted partition on my Debian server. I have been a long time user of LVM and dm-crypt and tried similar ...
  • Debian releases - stable, testing, unstable When talking about using Debian, one of the first objections people will raise is the fact that it only has "old packages", it is not updated often en...
  • SSL Certificates, Debian, and Java Recently, I tried to run a Java application on my Debian workstation that needed to establish SSL / HTTPs connections. But... as soon as a connection...
Technology/System Administration