From: Jamie C. <jca...@we...> - 2007-03-09 17:44:03
|
On 8/Mar/2007 15:37 Murray Trainer wrote .. > On Thu, 2007-03-08 at 13:00 -0800, Jamie Cameron wrote: > > On 7/Mar/2007 23:16 Murray Trainer wrote .. > > > On Mon, 2007-02-26 at 15:19 +0900, Murray Trainer wrote: > > > > On Sun, 2007-01-21 at 22:27 -0800, Jamie Cameron wrote: > > > > > On 21/Jan/2007 16:11 Murray Trainer wrote .. > > > > > > On Fri, 2007-01-19 at 00:23 -0800, Jamie Cameron wrote: > > > > > > > On 18/Jan/2007 22:46 Murray Trainer wrote .. > > > > > > > > Hi Jamie > > > > > > > > > > > > > > > > We now have over 1000 users we manage with the LDAP Users > module. > > > > > > I > > > > > > > > have noticed lately that it is becoming very slow bringing > up > > > the > > > > > > > > initial screen. I can imagine things only getting worse > as the > > > > > > > > directory gets larger. I haven't checked the queries My > guess > > > is that > > > > > > > > the module tries to search the LDAP directory for the whole > list > > > of > > > > > > > > users, then after realising there are too many, it then says > > > there > > > > > > are > > > > > > > > too many to display and fails. Even if I set the maximum > number > > > of > > > > > > > > users or groups to display to 0 or 1 it still takes a fair > few > > > seconds > > > > > > > > to display the opening screen. > > > > > > > > > > > > > > > > The recommed method is to process each LDAP user entry one > at > > > a time > > > > > > as > > > > > > > > they are returned. The module would stop when it reached > the > > > limit > > > > > > of > > > > > > > > users for that page which could be a configuration value. > The > > > module > > > > > > > > appears to be using the NET::LDAP library. I had a look > at the > > > > > > > > documentation below and they recommend processing each entry > > > as it > > > > > > is > > > > > > > > returned: > > > > > > > > > > > > > > > > http://search.cpan.org/~gbarr/perl-ldap-0.33/lib/Net/LDAP/FAQ.pod#USING_THE_CALLBACK_SUBROUTINE_APPROACH > > > > > > > > > > > > > > > > If we want 100 users to be displayed on the page we print > the > > > first > > > > > > 100 > > > > > > > > entries then quit. If we want users 100-200 we would ignore > > > the first > > > > > > > > hundred entries and print the second hundred, and so on. > > > > > > > > > > > > > > > > Hope the above idea has merit and its possible for you to > implement > > > > > > at > > > > > > > > some stage. > > > > > > > > > > > > > > Actually, that is what the module already does. The main page > does > > > an > > > > > > > LDAP search for matching users, and then checks the number > of results > > > > > > available. > > > > > > > If this is higher than the maximum set on the Module Config > page, > > > it > > > > > > just > > > > > > > displays the search form without fetching the full user list. > > > > > > > > > > > > > > Of course, for this to be useful I assume that the LDAP server > > > doesn't > > > > > > > fetch users from it's database until actually asked to.. > > > > > > > > > > > > > > - Jamie > > > > > > > > > > > > > > > > > > > If it does things in the sequential manner then I am not sure > why > > > it is > > > > > > so slow for me. There is nothing wrong with the performance > of the > > > ldap > > > > > > server. I can do an ldapsearch from a client machine and dump > the > > > whole > > > > > > list of users into a text file in less than a second. Going > into > > > the > > > > > > first ldap users and groups screen with the list of users takes > > > > > 10 > > > > > > secs even with the amount of users to display set to 0. I am > not > > > sure > > > > > > where the bottleneck in performance is? > > > > > > > > > > I took another look at the code for this module, and it seems that > > > even > > > > > though Webmin just calls the Net::LDAP module's search function, > this > > > > > takes a long time to respond on large LDAP databases even though > no > > > > > actual results are requested! > > > > > > > > > > However, I managed to find another way to reduce the search size, > by > > > > > specifying a maximum result size to the LDAP server. This will > go into > > > > > the next (1.330) Webmin release. > > > > > > > > > > - Jamie > > > > > > > > Hi Jamie, > > > > > > > > I noticed that you had added the fix above to the 1.328 version. > I > > > > downloaded it and tested it. It displays the initial list of > > > > users/groups immediately if it exceeds the limit for the page. Thanks > > > > for your work on that - it will improve things a lot in our setup. > > > > > > Hi Jamie, > > > > > > I have installed 1.330 and the initial list of users displays quickly > as > > > for the earlier test version but I noticed that when clicking on create > > > a new ldap user or opening an existing one, the screen takes a fair > > > while to display (15-20 secs). Not sure why that should be so slow? > - > > > in the first case it only needs to look up the next available uid. > > > Bringing up an existing user might be a bit slower but the ldap search > > > should be pretty quick. > > > > I'll have to look into this .. do you have a large number of groups too? > > > > - Jamie > > We have about 1500 users. We don't have a large number of groups but a > few groups have lots of members ie. 1000+. Ok, I found another bug in the code that can cause a slowdown - it tries to scan all users in LDAP to get a free UID, and to find uses shells. The former is un-needed for editing existing users, and the latter can be disabled on the Module Config page. Let me know if you'd like a beta version of the fixed module to try out.. - Jamie |