Avoid Worst Practices
Too Much MMR
You need (at most) two active servers in a multi-master replication (MMR) cluster. More than that will increase the replication traffic, eventually making replication the primary load on the cluster. Yes, we’ve seen it too often! A third server should be a replica of the masters, set up to become an active MMR master in a Disaster, and the procedure to make the relevant changes to replace a failed server.
Unsafe Database Loads
Many people see the -q option on slapadd,
the database load utility. The documentation says it can speed up the
loading of data. If you use -q, any errors in the input
file will be loaded. All checking is off. That guarantees operational
problems in production. Nobody needs operational problems. Don’t use
-q on anything but a backup file from a “known-good”
server.
Unindexed Attributes
Only attributes used to look up entries need to be indexed. Indexes
take up space and slow down updates as they too must be updated. But
when an attribute is not indexed and a query uses it in a search filter,
the query will take much more processing and elapsed time. A periodic
scan of the slapd.log file(s) looking for “not indexed” in
a line will help you find this problem. Symas’s Log Analysis tools
provide that information along with other valuable insights.
Presence Indexing
Don’t bother. Indexing takes time and the performance improvements aren’t generally worth the database space.
Failing to Put a Password
on cn=config
Even though you may be using static configuration
(slapd.conf file), OpenLDAP is building a dynamic
configuration database when it starts up. If you don’t explicitly put a
rootpw into the cn=conf database definition,
you will have to stop slapd, change
slapd.conf, and restart slapd to do simple
things like changing the log level for a minute or two to study a
problem. Your changes will be lost next time you stop
slapd. You may never use it. But if you run into a problem,
it avoids unneeded outages when Symas is trying to help sort things
out.