nss_ldap / top startup

Dan Nelson dnelson at allantgroup.com
Mon Apr 25 10:00:25 PDT 2005

In the last episode (Apr 25), Oliver Brandmueller said:
> I have some servers running running on 5.4-STABLE as of Apr 5th. I
> use nss_ldap for a userbase of currently about 24000 accounts (will
> be growing to approx 60000 in the next weeks). I don't use pam_ldap
> currently, because users only need to login by IMAP, POP, SMTP and
> FTP, for all of these services daemons are used which natively auth
> against the LDAP server.
> The more accounts there are in the LDAP directory, the longer the
> startup of "top" takes. With the current userbase top takes about 3-4
> seconds to start (on a mostly idle Dual Xeon 2.8GHz with fast disks
> and local slapd).
> The startup time is not any different, sometimes I feel (did not try
> to measure) it's even longer, if I use "top -u" to not map uids. The
> running processes are only from a few uids, all the LDAP users
> usually don't have processes running under thier IDs.

You can benchmark top by running "time top -d1", which will print one
page then immediately exit.
> Any ideas, why this is happening? Will I need 10 seconds, when there
> are 60000 accounts in LDAP? :-)

Try editing /usr/src/usr.bin/top/Makefile, add -DRANDOM_PW, and
rebuild.  That should probably be the default on FreeBSD anyway.

	Dan Nelson
	dnelson at allantgroup.com

More information about the freebsd-stable mailing list