OpenLDAP Tuning Keys 8.0
|This article applies to the following ZCS versions.|
OpenLDAP Tuning Keys
Starting with ZCS 8.0, Zimbra uses MDB as the database backend, and the configuration continues to be stored in a database. This allows the ability to make changes to the OpenLDAP configuration on the fly. To support this, a number of keys were added to Localconfig. When modified via zmlocalconfig, the values will automatically be updated in the OpenLDAP server configuration within 2 minutes, and except for ldap_common_require_tls a restart is not required for the change to take effect. It is advised to also read over the OpenLDAP Performance Wiki as well.
OpenLDAP Common keys
These keys set the general, or common, settings for the slapd process. They are apply to both the master and replica servers. More detail on what these keys determine can be found by reading the slapd.conf(5) man page
- Set the loglevel level to be used. The default is 49152
zmlocalconfig -e ldap_common_loglevel=49152
- Set the threads count to an appropriate level. The ZCS default is 8, which is fine for up to 8 CPU servers.. The general rule of thumb is 1 thread for every real core.
zmlocalconfig -e ldap_common_threads=8
- Set whether or not an encrypted connection is required to establish communication with the LDAP server. 0 for no, 1 for yes. Default is 0. A restart is required for this setting to take effect.
- Set the toolthreads count to an appropriate level. The ZCS default is 2. It should be set to 2 unless it is on a single core system, in which case it should be 1.
zmlocalconfig -e ldap_common_toolthreads=2
- Set the writetimeout for how long to wait for a write to succeed. The default is 0, which is infinitely. Otherwise, forcefully close the connection after the specified number of seconds.
zmlocalconfig -e ldap_common_writetimeout=0
OpenLDAP Primary Database keys
These keys apply to the primary LDAP database. They are apply to both the master and replica servers. More detail on what these keys determine can be found by reading the slapd-mdb(5) man page
- Maximum allowable size for the primary database. WARNING: If your database reaches the size of this value, dataloss will occur. Defaults to 80GB
zmlocalconfig -e ldap_db_maxsize=85899345920
OpenLDAP Accesslog Database Keys
These keys apply to the Accesslog LDAP database used for replication. They are apply only to the master server. More detail on what these keys determine can be found by reading the slapd-mdb(5) man page
- Maximum allowable size for the accesslog database. WARNING: If your database reaches the size of this value, dataloss will occur. Defaults to 80GB
zmlocalconfig -e ldap_accesslog_maxsize=85899345920
OpenLDAP Overlay Keys
The following keys are specific to the OpenLDAP overlays used by ZCS.
OpenLDAP Accesslog Overlay Keys
This key applies to the accesslog overlay. It is only meaningful on the LDAP master. More detail on what this key determines can be found by reading the slapo-accesslog(5) man page
- How often to purge old entries from the accesslog database, and what age they need to be. The default is to purge all entries 1 day or older, and to run the purges every 4 hours. It takes two values, the first being the age of the entries to delete, the second being how frequently to run the deletion.
zmlocalconfig -e ldap_overlay_accesslog_logpurge="01+00:00 00+04:00"
OpenLDAP Syncprov Overlay Keys
The following keys apply to the syncprov overlay. It is only meaningful on the LDAP master. More detail on what these keys determine can be found by reading the slapo-syncprov(5) man page
- How often to checkpoint the current CSN to the underlying database. The default is every 20 changes or 10 minutes. It takes two values.
zmlocalconfig -e ldap_overlay_syncprov_checkpoint="20 10"