author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-08 01:41:09 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:15 +0200 |
commit | 698834ee35adbd4b6b95228d27cb515632980d3a (patch) | |
tree | 4fce9ea2f6dff8998f41b28b449e74c89a452f3f /roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | |
parent | 6de533ca723f087e208862772c4d5def8e1e811c (diff) |
wibble
Diffstat (limited to 'roles/common-LDAP/templates/etc/ldap/database.ldif.j2')
-rw-r--r-- | roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 36 |
1 files changed, 9 insertions, 27 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index b97201c..cf12f10 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -23,82 +23,64 @@ olcLastMod: TRUE olcDbCheckpoint: 512 15 # Require LDAPv3 protocol and authentication prior to directory # operations. olcRequires: LDAPv3 # TODO: how 'olcAddContentAcl' affects the test suite? olcAddContentAcl: TRUE # The root user has all rights on the whole database (when SASL-binding # on a UNIX socket). olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth # # ######################################################################## ######################################################################## # Performance considerations # # To reindex an existing database, you have to # * Stop slapd sudo service slapd stop # * Reindex su openldap -c "slapindex -b 'o=mailHosting,dc=fripost,dc=org'" # * Restart slapd sudo service slapd start # +# +# On single- and dual-core systems, change the maximum number of threads +# to 8. (The default, 16, is fine for 4- and 8-core systems.) +# +# dn: cn=config +# changetype: modify +# add: olcThreads +# olcThreads: 8 +# # References # - https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning_5.0 # - http://www.openldap.org/doc/admin24/tuning.html # - http://www.openldap.org/faq/data/cache/42.html # - http://www.openldap.org/faq/data/cache/136.html # - http://www.zytrax.com/books/ldap/apa/indeces.html # olcDbIndex: objectClass eq # Let us make Postfix's life easier. TODO: only if MX, lists.f.o, MDA, etc. olcDbIndex: fripostIsStatusActive,fvd,fvl,fripostLocalAlias eq olcDbIndex: fripostOptionalMaildrop pres # SyncProv/SyncRepl specific indexing. olcDbIndex: entryCSN,entryUUID eq # # -# -# 1. On single- and dual-core systems, change the maximum number of -# threads to 8. (The default, 16, is fine for 4- and 8-core systems.) -# -# dn: cn=config -# changetype: modify -# add: olcThreads -# olcThreads: 8 -# -# -# 2. 
It may be a good idea to modify DB_CONFIG, depending on the output -# of -# -# db_stat -mh /var/lib/ldap/fripost | head -16 -# -# (For optimal performance, the Requested pages found in the cache -# should be above 95%, and the dirty/clean pages forced from the cache -# should be 0.) -# -# and -# -# db_stat -ch /var/lib/ldap/fripost | head -16 -# -# (For optimal performance, usage should be within 85% of the configured -# values.) -# -# ######################################################################## ######################################################################## # Sync Replication # TODO: replace the simple bind by Kerberos/GSSAPI # # References: # - http://www.openldap.org/doc/admin24/replication.html#Syncrepl # - http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-rap # {% if 'LDAP-provider' not in group_names %} olcSyncrepl: rid=000 provider=ldap://{{ LDAP_provider }} type=refreshAndPersist retry="5 5 300 +" searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org" attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias,fripostPostmaster,fripostOwner scope=sub schemachecking=off bindmethod=simple binddn="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=org" |
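Review bot: The `olcSyncrepl` directive in the unchanged context at the end of this hunk binds with `bindmethod=simple` to `provider=ldap://{{ LDAP_provider }}`, and no TLS parameter is visible, so the replication password and the replicated mail-routing attributes would cross the network in cleartext unless the transport is protected elsewhere. The directive continues past the hunk, so this may already be handled there; if not, adding `starttls=critical tls_reqcert=demand` (with a `tls_cacert=` pointing at the provider's CA) would cover the gap until the Kerberos/GSSAPI TODO is done. Separately, the relocated `olcThreads` note now sits directly under the reindexing steps; a one-line comment such as `# Thread pool sizing:` above it would keep the two topics apart.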