For a recent project, I set up a simple LDAP service on CentOS. This is a record of a couple of the problems; the emphasis is on the problems encountered later and their solutions.
The following link covers the detailed installation and basic configuration process. It is written for Debian, but similar guides can be used as a reference for other distributions:
http://www.wingfoss.com/content/how-to-install-openldap-with-mysql-on-debian6
If OpenLDAP is installed from source code, it is not registered as a service and the service must be set up manually. The following is an LDAP startup script. I have tried it on CentOS and it works:
```sh
#!/bin/sh
# ldap    This shell script takes care of starting and stopping
#         LDAP servers (slapd and slurpd).
#
# chkconfig: - 70 40
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/local/libexec/slapd ] || exit 0
# [ -f /usr/sbin/slurpd ] || exit 0

# Berkeley DB header and library locations.
export CPPFLAGS="-I/opt/berkeleydb.5.3/include"
export LDFLAGS="-L/opt/berkeleydb.5.3/lib"
export LD_LIBRARY_PATH="/opt/berkeleydb.5.3/lib"

RETVAL=0

# See how we were called.
case "$1" in
  start)
    # Start daemons.
    echo -n "Starting LDAP: "
    daemon /usr/local/libexec/slapd
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      if grep -q "^replogfile" /etc/openldap/slapd.conf; then
        daemon slurpd
        RETVAL=$?
        [ $RETVAL -eq 0 ] && pidof slurpd | cut -f 1 -d " " > /var/run/slurpd
      fi
    fi
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
    ;;
  stop)
    # Stop daemons.
    echo -n "Shutting down LDAP: "
    killproc slapd
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      if grep -q "^replogfile" /etc/openldap/slapd.conf; then
        killproc slurpd
        RETVAL=$?
      fi
    fi
    echo
    if [ $RETVAL -eq 0 ]; then
      rm -f /var/lock/subsys/ldap
      rm -f /var/run/slapd.args
    fi
    ;;
  status)
    status slapd
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      if grep -q "^replogfile" /etc/openldap/slapd.conf; then
        status slurpd
        RETVAL=$?
      fi
    fi
    ;;
  restart)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  reload)
    # killproc takes the program name first, then the signal.
    killproc slapd -HUP
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
      if grep -q "^replogfile" /etc/openldap/slapd.conf; then
        killproc slurpd -HUP
        RETVAL=$?
      fi
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit $RETVAL
```
Script description
- # chkconfig: - 70 40: this line is not just a comment. The chkconfig command used for service registration reads it to determine the service startup order.
- The export lines export the library and header file paths for Berkeley DB.
Save the script to /etc/init.d and set executable permissions for it:
chmod 700 /etc/init.d/ldap
Run the chkconfig command to register the script so that it runs at startup:
chkconfig --add ldap
chkconfig --level 345 ldap on
Because the backend database is MySQL, make sure LDAP is started after MySQL. Check the rc.d directory for the corresponding runlevel (for example, /etc/rc.d/rc3.d for runlevel 3) and confirm that the start number of the LDAP link is greater than that of the MySQL service. The basic concepts of services in CentOS are not covered here.
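One way to script the start-order check described above, as an added example that is not part of the original post. The service names mysqld and ldap and the helper names start_prio and starts_after are assumptions; adjust them to the init script names on the host.

```shell
#!/bin/sh
# Added example: confirm that one SysV service starts after another
# in a runlevel directory such as /etc/rc.d/rc3.d.

# start_prio DIR SERVICE
# Prints the two-digit start number from the S<NN><SERVICE> link.
# Returns 1 when the service has no start link in DIR.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # An unmatched glob stays literal, so test that the entry exists.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}          # e.g. S70ldap
        prio=${name#S}            # e.g. 70ldap
        echo "${prio%"$2"}"       # e.g. 70
        return 0
    done
    return 1
}

# starts_after DIR LATER EARLIER
# Returns 0 when LATER has a higher start number than EARLIER,
# 1 when the order is wrong, 2 when either start link is missing.
starts_after() {
    later=$(start_prio "$1" "$2") || {
        echo "no start link for $2 in $1" >&2; return 2; }
    earlier=$(start_prio "$1" "$3") || {
        echo "no start link for $3 in $1" >&2; return 2; }
    # Drop a leading zero so values such as 08 compare as plain decimals.
    [ "${later#0}" -gt "${earlier#0}" ]
}

# Typical use on the server (service names are assumptions):
#   starts_after /etc/rc.d/rc3.d ldap mysqld || echo "ldap starts too early"
```

A missing start link is reported separately from a wrong order, because a service that is not enabled at that runlevel needs chkconfig rather than a renumbered link.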
Follow-up problem: after a long period of inactivity, LDAP fails and needs to be restarted
After LDAP went live, I found that the LDAP service became unavailable every night. This problem plagued me for a long time, and I could not find an answer on the Internet. I also asked about it on a forum; see http://www.linuxcast.net/ask/show/480
In the end, my colleague complained that the connection to the Oracle database was too large to be released, and I was suddenly inspired to guess that the MySQL database connection was being closed automatically. I went back and checked, and the following MySQL parameters were set to 8 hours:
interactive_timeout | 28800
wait_timeout | 28800
So after one night (more than 8 hours), MySQL actively closed the LDAP connection. LDAP did not know this and did not retry the connection, so it could no longer query the database. Increasing the value ensures that the connection is not released overnight.
Follow-up problem: low performance
LDAP stores the user information used for login verification, and users noticed that logging in was slow: it usually took more than 10 seconds. To start the analysis, first turn on LDAP logging by setting the following in the LDAP configuration file:
loglevel 256
Then add the following line to the system log service configuration:
local4.* -/var/log/ldap.log
Logs will be written to the path above. The basics of the Linux system log service are skipped here.
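To read query times out of the loglevel 256 log, each SRCH line can be paired with its SEARCH RESULT line by connection and operation number. The following is an added example, not part of the original post; the log lines are constructed samples in slapd's syslog format, and the names sample_log and slow_searches are assumptions.

```shell
#!/bin/sh
# Added example: report slapd searches that took at least N seconds.

# sample_log: constructed log lines (host, DNs and addresses are made up).
sample_log() {
cat <<'EOF'
Mar  5 09:15:01 ldap1 slapd[2211]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Mar  5 09:15:01 ldap1 slapd[2211]: conn=1001 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
Mar  5 09:15:01 ldap1 slapd[2211]: conn=1001 op=0 RESULT tag=97 err=0 text=
Mar  5 09:15:01 ldap1 slapd[2211]: conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
Mar  5 09:15:07 ldap1 slapd[2211]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  5 09:15:10 ldap1 slapd[2211]: conn=1002 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=bob)"
Mar  5 09:15:10 ldap1 slapd[2211]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
EOF
}

# slow_searches THRESHOLD_SECONDS < logfile
# Prints "conn=N op=N <seconds>s filter=..." for each slow search.
slow_searches() {
    awk -v limit="$1" '
    # Seconds since the start of the month; syslog lines carry no year,
    # so this assumes start and result fall in the same month.
    function secs(day, hms,   t) {
        split(hms, t, ":")
        return day * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    $5 ~ /^slapd\[/ && $6 ~ /^conn=/ && $7 ~ /^op=/ {
        key = $6 " " $7
        if ($8 == "SRCH") {
            start[key] = secs($2, $3)
            filter[key] = "?"
            for (i = 9; i <= NF; i++)
                if ($i ~ /^filter=/) filter[key] = $i
        } else if ($8 == "SEARCH" && $9 == "RESULT" && (key in start)) {
            took = secs($2, $3) - start[key]
            if (took >= limit) print key, took "s", filter[key]
            delete start[key]
            delete filter[key]
        }
    }'
}
```

On the server this would be run as `slow_searches 5 < /var/log/ldap.log`. The log at this level records bind DNs and search filters, so keep the file readable only by administrators.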
The logs showed that the query took about 6 seconds, which was the main performance bottleneck. My first thought was to add indexes and a cache to LDAP, but indexes seemed to be supported only by bdb, and the cache seemed to require additional plug-ins. Then I checked whether MySQL could be optimized. All the tables created by the scripts already had indexes, so I considered whether the MySQL query cache could help: http://blog.webwlan.net/wordpress?p=422
In the end, the setting to configure was query_cache_size. Its default value is 0, so query results cannot be cached even though query_cache_type is enabled by default. I set query_cache_size to about 100 MB and tested LDAP: login was significantly faster. Looking at the log again, the query time was reduced to 1 second, which solved the urgent need for the moment.