LDAP-UX Client Services B.04.15 Administrator's Guide

5.16 Performance Considerations
This section lists some performance considerations for LDAP-UX Client Services. See the white
paper LDAP-UX Integration Performance and Tuning Guidelines at:
http://docs.hp.com/hpux/internet/#LDAP-UX%20Integration
for additional performance information.
5.16.1 Minimizing Enumeration Requests
Enumeration requests are directory queries that request all of a database, for example all users
or all groups. Enumeration requests of large databases could reduce network and server
performance. For this reason, you may want to restrict the use of commands and applications
that enumerate.
The following commands generate enumeration requests:
finger(1)
grget(1) with no options
pwget(1) with no options
groups(1)
listusers(1)
logins(1M)
All netgroup calls
In addition, applications written with routines from the getpwent, getgrent, gethostent,
and getnetent families of calls can enumerate a map, depending on how they are written.
5.17 Client Daemon Performance
Compared to previous networked name service systems, LDAP directory servers support a
number of new features, and the general-purpose nature of LDAP allows it to support a variety
of applications beyond those used by a networked OS. Although directory servers have
excellent performance and scalability, the addition of these features, such as security, means that
directory applications will benefit from a design that considers performance requirements. To
maximize the number of HP-UX clients that can be supported by an LDAP directory
server, and to improve client response, the ldapclientd daemon supports both data caching
and persistent network connections. Their use, benefits and side-effects are described below.
5.17.1 ldapclientd Caching
Caching LDAP data locally allows for much faster response times for name service operations.
Caching means that data that has been recently retrieved from the directory server will be
retrieved from a local store, instead of the directory server. Caching greatly reduces both directory
server load and network usage. For example, when a user logs into the system, the OS typically
needs to enquire about his/her account several times in the login process. This occurs as the OS
identifies the user, gathers account information and authenticates the user. And further requests
often occur as the account starts up new applications once a session is established. With caching,
generally only one or two LDAP operations are required.
Caching is also critical to support certain types of applications that make frequent demands on
the name service system, either because they are malfunctioning or need this specific type of
information frequently.
ldapclientd also supports what is known as a negative cache. This type of cache is used to store
meta-data about non-existent information. For example, if an application requests information
about an account that does not exist, the directory server will not return an entry, and that
negative result will be stored in a cache. Intuitively this type of cache would seem to be
unnecessary. However, applications exist that may perform these operations frequently, either
on purpose or because they are malfunctioning. For example, if a file is created with a group ID