Commit Graph

5051 Commits

Author SHA1 Message Date
Kurt Zeilenga
2c9a238571 Allow dn.base="" 2001-09-01 05:01:31 +00:00
Kurt Zeilenga
ef7b181f8b Open databases using WRCREAT not READER. 2001-09-01 05:00:27 +00:00
Kurt Zeilenga
a49392981a There is no TLSProtocol option. 2001-08-31 16:48:30 +00:00
Kurt Zeilenga
d3cb8a357f Move Cyrus SASL initializing forward 2001-08-31 00:14:04 +00:00
Kurt Zeilenga
2b78f44203 More updates. 2001-08-30 04:54:59 +00:00
Kurt Zeilenga
71d564aee4 Add additional types to lber-types. 2001-08-30 03:02:36 +00:00
Kurt Zeilenga
749a6b1f29 Misc Update 2001-08-30 02:33:13 +00:00
Mark Adamson
fac77083cc Skip over the "dn:" prefix when passing a DN to dn_normalize(). 2001-08-29 23:01:24 +00:00
Howard Chu
44a3160fec Remove redundant call of SSL_set_info_callback, to allow users
to override it in the SSL_CTX.
2001-08-29 20:28:08 +00:00
Kurt Zeilenga
2f761834b2 Fix NEW_LGGING typo 2001-08-29 19:49:05 +00:00
Kurt Zeilenga
f7690b1194 Password-hash doesn't support UNIX, KERBEROS, SASL schemes. 2001-08-29 19:37:32 +00:00
Kurt Zeilenga
d57365f407 Minor cleanup 2001-08-29 17:08:22 +00:00
Kurt Zeilenga
a9a5a3997d Add dnnolocking warning 2001-08-29 17:08:01 +00:00
Kurt Zeilenga
ec8e41f8d8 Remove -r 2001-08-29 17:03:53 +00:00
Kurt Zeilenga
9a80d76f44 Minor rework of *text = textbuf fix 2001-08-28 21:43:00 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Kurt Zeilenga
0c13c5bbdd Use parens for clarity 2001-08-28 00:35:34 +00:00
Kurt Zeilenga
fb5df59342 Add DB 3.3 support...
likely needs work on NT4 (but so did old code)
2001-08-27 22:06:07 +00:00
Kurt Zeilenga
05960887bb Fix -H ldaps:// crashes due to rework of TLS code 2001-08-27 20:22:28 +00:00
Stig Venaas
70f7e55344 Changed get_listener_addresses() to not use getaddrinfo() for PF_LOCAL 2001-08-26 11:03:27 +00:00
Pierangelo Masarati
511e8b606f fix bug in '%' escaping in substitution pattern compile 2001-08-25 15:20:16 +00:00
Kurt Zeilenga
118ca0dd4b Fix db1 error and add kerberos comment 2001-08-24 20:20:34 +00:00
Kurt Zeilenga
b6fc1d3d43 Update kerberos flags 2001-08-24 20:17:23 +00:00
Mark Adamson
7378872731 Need to set error text pointer sooner in entry_schema_check(), or Debug() will SEGV 2001-08-15 15:27:26 +00:00
Pierangelo Masarati
b637967b95 fix malformed test 2001-08-04 16:46:03 +00:00
Pierangelo Masarati
8ee6168916 fix a reference to volative memory in back-ldbm/passwd.c that caused garbage messages to be returned to ldappasswd 2001-08-04 15:46:08 +00:00
Pierangelo Masarati
1eb3f8b2e4 add limits stuff to back-ldap 2001-08-04 11:10:35 +00:00
Pierangelo Masarati
b5bb74bb02 cleanup limits stuff in back-meta 2001-08-04 11:10:08 +00:00
Pierangelo Masarati
6a5b253bc6 allow multiple limits setting on one global/per backend config line 2001-08-04 11:09:25 +00:00
Pierangelo Masarati
4919363fa0 more intuitive special limits configuration 2001-08-03 17:25:39 +00:00
Pierangelo Masarati
414783058d enforces detailed search limits 2001-08-03 17:15:14 +00:00
Dmitry Kovalev
2f4d324f60 A big bunch of improvements, contributed by Sam Drake and Raj Damani.
Summary of changes is cited below.
The patch still needs some cosmetic changes to be made, but is ready for testing.

-----Original Message-----
From: Sam Drake [mailto:drake@timesten.com]
Sent: Saturday, April 07, 2001 10:40 PM
To: 'mitya@seismic.ru'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Slapd frontend performance issues


FYI, here is a short description of the changes I made.  I'll package up the
changes asap, but it may take a couple of days.

The performance numbers quoted in this report were seen at my location with
a 100,000 object database ... the slower numbers I mentioned earlier were
reported by a customer with a 1,000,000 object database.

I also can't explain the very poor performance I saw with OpenLDAP and LDBM
with a 100,000 object database.

...Sam Drake / TimesTen Performance Software

----------

Work Performed

OpenLDAP 2.0.9, including back-sql, was built successfully on Solaris
8 using gcc.  The LDAP server itself, slapd, passed all tests bundled
with OpenLDAP.  OpenLDAP was built using Sleepycat LDBM release 3.1.17
as the "native" storage manager.

The experimental back-sql facility in slapd was also built
successfully.  It was built using Oracle release 8.1.7 and the Oracle
ODBC driver and ODBC Driver Manager from Merant.  Rudimentary testing
was performed with the data and examples provided with back-sql, and
back-sql was found to be functional.

Slapd and back-sql were then tested with TimesTen, using TimesTen
4.1.1.  Back-sql was not immediately functional with TimesTen due to a
number of SQL limitations in the TimesTen product.

Functional issues encountered were:

1. Back-sql issued SELECT statements including the construct,
   "UPPER(?)".  While TimesTen supports UPPER, it does not support the
   use of parameters as input to builtin functions.  Back-sql was
   modified to convert the parameter to upper case prior to giving it
   to the underlying database ... a change that is appropriate for all
   databases.

2. Back-sql issued SELECT statements using the SQL CONCAT function.
   TimesTen does not support this function.  Back-sql was modified to
   concatentate the necessary strings itself (in "C" code) prior to
   passing the parameters to SQL.  This change is also appropriate for
   all databases, not just TimesTen.

Once these two issues were resolved, back-sql could successfully
process LDAP searches using the sample data and examples provided with
back-sql.

While performance was not measured at this point, numerous serious
performance problems were observed with the back-sql code and the
generated SQL.  In particular:

1. In the process of implementing an LDAP search, back-sql will
   generate and execute a SQL query for all object classes stored in
   back-sql.  During the source of generating each SQL query, it is
   common for back-sql to determine that a particular object class can
   not possibly have any members satisfying the search.  For example,
   this can occur if the query searches an attribute of the LDAP
   object that does not exist in the SQL schema.  In this case,
   back-sql would generate and issue the SQL query anyway, including a
   clause such as "WHERE 1=0" in the generated SELECT.  The overhead
   of parsing, optimizing and executing the query is non-trivial, and
   the answer (the empty set) is known in advance. Solution: Back-sql
   was modified to stop executing a SQL query when it can be
   predetermined that the query will return no rows.

2. Searches in LDAP are fundamentally case-insensitive ("abc" is equal
   to "aBc").  However, in SQL this is not normally the case.
   Back-sql thus generated SQL SELECT statements including clauses of
   the form, "WHERE UPPER(attribute) = 'JOE'".  Even if an index is
   defined on the attribute in the relational database, the index can
   not be used to satisfy the query, as the index is case sensitive.
   The relational database then is forced to scan all rows in the
   table in order to satisfy the query ... an expensive and
   non-scalable proposition.  Solution: Back-sql was modified to allow
   the schema designer to add additional "upper cased" columns to the
   SQL schema.  These columns, if present, contain an upper cased
   version of the "standard" field, and will be used preferentially
   for searching.  Such columns can be provided for all searchable
   columns, some columns, or no columns.  An application using
   database "triggers" or similar mechanisms can automatically
   maintain these upper cased columns when the standard column is
   changed.

3. In order to implement the hierarchical nature of LDAP object
   hierarchies, OpenLDAP uses suffix searches in SQL.  For example, to
   find all objects in the subtree "o=TimesTen,c=us", a SQL SELECT
   statement of the form, "WHERE UPPER(dn) LIKE '%O=TIMESTEN,C=US'"
   would be employed.  Aside from the UPPER issue discussed above, a
   second performance problem in this query is the use of suffix
   search.  In TimesTen (and most relational databases), indexes can
   be used to optimize exact-match searches and prefix searches.
   However, suffix searches must be performed by scanning every row in
   the table ... an expensive and non-scalable proposition.  Solution:
   Back-sql was modified to optionally add a new "dn_ru" column to the
   ldap_entries table.  This additional column, if present, contains a
   byte-reversed and upper cased version of the DN.  This allows
   back-sql to generate indexable prefix searches.  This column is
   also easily maintained automatically through the use of triggers.

Results

A simple database schema was generated holding the LDAP objects and
attributes specified by our customer.  An application was written to
generate test databases.  Both TimesTen and Oracle 8.1.7 were
populated with 100,000 entry databases.

Load Times

Using "slapadd" followed by "slapindex", loading and indexing 100,000
entries in an LDBM database ran for 19 minutes 10 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
a disk based RDBMS took 17 minutes 53 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
TimesTen took 1 minute 40 seconds.

Search Times

The command, "timex timesearch.sh '(cn=fname210100*)'" was used to
test search times.  This command issues the same LDAP search 4000
times over a single LDAP connection.  Both the client and server
(slapd) were run on the same machine.

With TimesTen as the database, 4000 queries took 14.93 seconds, for a
rate of 267.9 per second.

With a disk based RDBMS as the database, 4000 queries took 77.79 seconds,
for a
rate of 51.42 per second.

With LDBM as the database, 1 query takes 76 seconds, or 0.076 per
second.  Something is clearly broken.
2001-08-02 17:28:59 +00:00
Kurt Zeilenga
16fa8c4a21 Fix bug introduced during TLS rework 2001-08-02 04:20:11 +00:00
Kurt Zeilenga
b22ad8cf60 Add some addl. logging 2001-08-02 03:37:20 +00:00
Pierangelo Masarati
f35545b058 fix a couple of typos; schemacheck was duplicated 2001-08-01 10:47:44 +00:00
Pierangelo Masarati
8471ef7ed0 add global, per backend and per op_ndn time/size soft, hard and to-be-checked limits (exploited by back-ldbm); see slapd.conf(5) for details 2001-08-01 10:09:04 +00:00
Kurt Zeilenga
a8e3669046 Add user schema I-D 2001-08-01 05:42:28 +00:00
Kurt Zeilenga
fa62e57e8f Replaced with ldap-opattrs/features I-Ds 2001-08-01 05:41:10 +00:00
Kurt Zeilenga
fa957bc045 Update drafts to latest revs 2001-08-01 05:40:30 +00:00
Kurt Zeilenga
e83281bff3 Update to rev 04 2001-08-01 05:40:10 +00:00
Kurt Zeilenga
3a1b634ee2 Updates for back-bdb testing 2001-08-01 04:50:47 +00:00
Pierangelo Masarati
419a5ae8c9 fix typo; try to delete dn2id in case of late failure 2001-07-31 10:54:39 +00:00
Pierangelo Masarati
d8cb33ebe8 added acl check for added/removed rdn attrs 2001-07-31 10:02:19 +00:00
Kurt Zeilenga
50223981d9 Fix typo 2001-07-31 07:53:21 +00:00
Kurt Zeilenga
b09727567d Clean up 2001-07-31 04:55:14 +00:00
Kurt Zeilenga
60c4893b93 Last changes should have been #ifdef 2001-07-31 04:30:11 +00:00
Kurt Zeilenga
0bcc892fdf Fix basic operations 2001-07-31 04:24:29 +00:00
Kurt Zeilenga
ca7ba1a3fd Fix slapadd crash when only a subset of databases have been initialized.
Likely should have a general solution to this.
2001-07-31 00:16:44 +00:00
Pierangelo Masarati
4362654eb6 fixes another assert in case of subtle error (schema failure while applying rdn changes) 2001-07-30 20:12:34 +00:00
Pierangelo Masarati
8edccd2554 fixes ITS#1261 (abort on modrdn with new dn already existing) 2001-07-30 14:54:02 +00:00