LDAP-UX Integration Performance and Tuning Guidelines

Client Activity
User-driven activity on the client can lead to increased load on the LDAP directory server. This activity can
often cause peak loads during certain periods of the day. One example is a rigorous work schedule that
calls for all employees to log in by 8:00 AM. Peak load can also be caused indirectly, for example by a regularly
scheduled system backup that runs on many systems simultaneously.
Before determining the average load of an LDAP-UX client, it is also important to determine what the peak load of
those clients could be. This process is complex and different for every environment. One way to address
client average and peak load is to gather sample data from typical clients.
ldapclientd cache daemon
B.03.00 introduces a new cache daemon, which caches passwords, groups, netgroups and X.500 group membership
information retrieved from an LDAP server (refer to “Installing and Administering the LDAP-UX product” for more
information about X.500 group membership³). This significantly reduces LDAP-UX’s response time
to applications. Another major feature of B.03.00 is support for multiple domains for Microsoft Active Directory
Server. All multiple-domain requests go through the ldapclientd cache daemon.
The daemon is tunable. The administrator can tune certain parameters provided by the ldapclientd cache daemon.
See man ldapclientd for more detail. A sample configuration file for the ldapclientd cache daemon
is provided in Appendix D.
The ldapclientd cache daemon process improves performance and extends the capabilities of LDAP-UX clients
by caching entries.
The ldapclientd cache daemon only caches entries from an LDAP directory server, so pwgrd should be disabled
to maintain high performance if other name service subsystems are used.
The ldapclientd cache daemon only caches passwd, group, netgroup and X.500 group membership.
The ldapclientd cache daemon maintains and re-uses connections to the directory server, reducing binding and
disconnection, which significantly reduces the server load and network traffic. If connections are required to
multiple directory servers (such as with ADS multi-domain support), the ldapclientd cache daemon will
simultaneously maintain those connections. Connections to directory servers are brought down if name service
requests become infrequent.
The administrator may configure the cache daemon. For example, for each service (passwords, groups, …) the
cache_ttl can be tuned to balance performance needs against timely data updates. cache_ttl is a tunable parameter
(in seconds) that lets the administrator configure how often the positive and negative caches are flushed. The
positive/negative cache is created by search request hits and misses. The access log from the directory server
can be used to determine the number of hits or misses for each search request. The administrator can tune the
cache_ttl parameter as needed.
Since password and group information does not change frequently, cache_ttl can be set to a higher value. The
administrator can set the length of time a search entry resides in the positive and negative caches. This
avoids unnecessary cache flushes and reduces load on the server.
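Added example, not part of the HP guide: one way to use the directory server access log when choosing cache_ttl is to pair each search with its result, classify it as a hit or a miss, and replay the searches against a candidate TTL to see how many would have been answered from the positive or negative cache. The log layout (Netscape/389-style SRCH and RESULT lines), the sample lines, the function names, the single-client log and the cache keyed on the filter string are all assumptions of this sketch.

```python
import re
from datetime import datetime
# Constructed sample for one client, in the Netscape/389-style access log layout
# (an assumption: the guide does not name the server or show its log format).
SAMPLE_LOG = '''\
[21/Apr/2002:08:00:01 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)"
[21/Apr/2002:08:00:01 -0700] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[21/Apr/2002:08:00:05 -0700] conn=11 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)"
[21/Apr/2002:08:00:05 -0700] conn=11 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[21/Apr/2002:08:00:10 -0700] conn=11 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(uid=ghost)"
[21/Apr/2002:08:00:10 -0700] conn=11 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[21/Apr/2002:08:00:20 -0700] conn=11 op=4 SRCH base="dc=example,dc=com" scope=2 filter="(uid=ghost)"
[21/Apr/2002:08:00:20 -0700] conn=11 op=4 RESULT err=0 tag=101 nentries=0 etime=0
[21/Apr/2002:08:02:00 -0700] conn=11 op=5 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)"
[21/Apr/2002:08:02:00 -0700] conn=11 op=5 RESULT err=0 tag=101 nentries=1 etime=0
'''
LINE = re.compile(r'\[([^\]]+)\] conn=(\d+) op=(\d+) (SRCH|RESULT) (.*)')

def parse_searches(text):
    """Pair each SRCH with its RESULT on (conn, op); return [(time, filter, hit)]."""
    pending, found = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, conn, op, kind, rest = m.groups()
        if kind == 'SRCH':
            flt = re.search(r'filter="([^"]*)"', rest)
            if flt:
                when = datetime.strptime(stamp, '%d/%b/%Y:%H:%M:%S %z')
                pending[(conn, op)] = (when.timestamp(), flt.group(1))
        elif (conn, op) in pending:
            n = re.search(r'nentries=(\d+)', rest)
            when, flt = pending.pop((conn, op))
            found.append((when, flt, bool(n) and int(n.group(1)) > 0))
    return found

def simulate_ttl(searches, ttl):
    """Replay searches against a cache holding each answer for ttl seconds."""
    expires = {}
    stats = {'hit_sent': 0, 'hit_cached': 0, 'miss_sent': 0, 'miss_cached': 0}
    for when, flt, hit in searches:
        kind = 'hit' if hit else 'miss'
        if when < expires.get(flt, 0):
            stats[kind + '_cached'] += 1      # answered from positive/negative cache
        else:
            expires[flt] = when + ttl         # entry (re)fetched from the server
            stats[kind + '_sent'] += 1
    return stats
```

Comparing simulate_ttl(parse_searches(SAMPLE_LOG), 60) with the same call at 300 shows how many searches a longer TTL would keep off the server, at the cost of serving older entries for that much longer.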
The /opt/ldapux/bin/ldapclientd -s command shows a general cache statistics summary. The administrator can monitor
the statistics and tune the cache-size parameter. The cache-size parameter lets the administrator set the maximum
number of bytes that should be cached by the ldapclientd cache daemon. cache-size can be estimated from the average
size of an entry and the maximum number of entries. /opt/ldapux/bin/ldapclientd -s and capacity of the machine
³ Hewlett-Packard Company 2002 Installing and Administering LDAP-UX Client Services,
http://docs.hp.com/hpux/internet/#LDAP-UX%20Integration