Novell EDIRECTORY Tuning Guide for UNIX* Platforms
Novell®
www.novell.com
Tuning Guide for UNIX* Platforms
novdocx (en) 22 June 2009
AUTHORIZED DOCUMENTATION
eDirectory
8.8 SP5
December 02, 2009
TM
Novell eDirectory Tuning Guide for UNIX* Platforms
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities
on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export
laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses.
Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no
responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
novdocx (en) 22 June 2009
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent
applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see www.novell.com/documentation.
Novell Trademarks
Client32 is a trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc., in the United States and other countries.
NetWare Core Protocol and NCP are trademarks of Novell, Inc.
NMAS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc., in the United States and other countries.
Novell Client is a trademark of Novell, Inc.
Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other
countries.
Ximian is a registerd trademark of Novell, Inc., in the United States and other countries.
ZENworks is a registered trademark of Novell, Inc., in the United States and other countries.
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://
www.openssl.org).
novdocx (en) 22 June 2009
novdocx (en) 22 June 2009
4 Novell eDirectory Tuning Guide for UNIX* Platforms
About This Guide
novdocx (en) 22 June 2009
Welcome to Novell® eDirectoryTM 8.8. This guide describes how to analyze and tune Novell®
TM
eDirectory
on UNIX* platforms to yield superior performance in all deployments.
This guide introduces the following:
Chapter 1, “Overview,” on page 9
Chapter 2, “eDirectory Subsystems,” on page 11
Chapter 3, “Analyzing System Bottlenecks,” on page 15
Chapter 4, “Tuning eDirectory Subsystems,” on page 19
Chapter 5, “eDirectory Configuration,” on page 27
Audience
The guide is intended for network administrators.
Additional Documentation
For more information about eDirectory 8.8, refer to the following:
Novell eDirectory 8.8 Installation Guide
Novell eDirectory 8.8 Administration Guide
Novell eDirectory 8.8 What’s New Guide
Novell eDirectory 8.8 Troubleshooting Guide
These guides are available at Novell eDirectory 8.8 documentation Web site (http://
www.novell.com/documentation/edir88/index.html).
For information about the eDirectory management utility, see the Novell iManager 2.7
Administration Guide (http://www.novell.com/documentation/imanager27/index.html).
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items
within a cross-reference path.
®
A trademark symbol (
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* and UNIX*, should use forward slashes as required by your software.
About This Guide 5
novdocx (en) 22 June 2009
6 Novell eDirectory Tuning Guide for UNIX* Platforms
Contents
About This Guide 5
1Overview 9
1.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2 eDirectory Subsystems 11
2.1 FLAIM Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.1 Checkpoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.2 Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.3 Roll-Forward Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.2 Thread Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 Analyzing System Bottlenecks 15
novdocx (en) 22 June 2009
3.1 Disk I/O Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 CPU Subsystem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.3 Memory Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.4 Network Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4 Tuning eDirectory Subsystems 19
4.1 FLAIM Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.1.1 Choosing Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.1.2 Tuning for Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.2 Thread Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.3 ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.3.1 Improving eDirectory Searches and Reads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.3.2 Disabling ACL Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.4 Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.5 SSL Overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.6 64-Bit Versus 32-Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.7 Import Convert and Export (ICE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.8 ldif2dib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5 eDirectory Configuration 27
5.1 Configuring the FLAIM Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.1.1 Hard Cache Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.1.2 Dynamically Adjusting the Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.2 Modifying FLAIM Cache Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.2.1 Modifying FLAIM Cache Settings through iMonitor . . . . . . . . . . . . . . . . . . . . . . . . . 28
5.2.2 Modifying FLAIM Cache Settings through _ndsdb.ini . . . . . . . . . . . . . . . . . . . . . . . . 29
Contents 7
novdocx (en) 22 June 2009
8 Novell eDirectory Tuning Guide for UNIX* Platforms
1
Overview
Novell® eDirectory 8.8TM is a standards-compliant, cross-platform, highly scalable, fault-tolerant,
and high-performance directory services solution. This guide provides information on tuning your
eDirectory environment for improved performance.
Tuning for performance is a complex activity. It requires understanding of both the eDirectory and
operating system's subsystems. It involves monitoring the system to identify bottlenecks and fixing
them one at a time. Many a times resources are limited and tuning is confined to eDirectory and the
operating system.
In this guide, read the Prerequisites section before attempting any kind of tuning, then proceed to the
other sections. eDirectory Subsystems chapter describes primary subsystems that influence
eDirectory performance. Analyzing System Bottlenecks chapter describes various system resources
and their influence on eDirectory performance. Tuning eDirectory Subsystems chapter describes
how to analyze and tune eDirectory under various conditions and environments. Finally, the
eDirectory Configuration chapter describes how to configure various tunable parameters.
novdocx (en) 22 June 2009
1
1.1 Prerequisites
Ensure that the following general prerequisites are met before attempting to tune the system for
performance:
A good eDirectory tree design (http://www.novell.com/documentation/edir88/edir88/data/
a2iiido.html) can enhance eDirectory performance. The following considerations might apply:
Applications read all the information locally on the server without needing to chain the
requests.
eDirectory efficiently handles object references automatically. If possible, objects on a
server should not refer to objects that are not local on that server, because maintaining
non-local object references can take more time. If such references exist, backlinks must be
maintained. This becomes cumbersome in large deployments.
If you need a group with 10,000 members or more, dynamic groups are recommended.
This allows you to avoid the overhead associated with maintaining references for so many
people. Choose your dynamic group configuration carefully, because using multiple
dynamic groups with improper search criteria might overload the server and reduce
overall server performance. If a search operation takes a long time to complete, the chosen
index might be inefficient. Minimize the use of regular(static) groups as this can increase
tree walking on login.
Use ACLs efficiently. For example, use the [This] trustee and assign it at the container
level instead of using an ACL template that assigns rights to itself. The fewer ACLs, the
better the performance. For more information on ACLs, refer to the Access Control List
(http://www.novell.com/documentation/edir88/edir88/data/fbachifb.html) in the Novell
eDirectory 8.8 Administration Guide.
Distribute the load onto multiple replica servers.
Overview
9
Loading...