Jonathan Barber wrote:
Hello all, currently we have a FDS instance running on RHEL4 with a
small number of entries (6,000), we also have a linux compute cluster of
100 nodes which uses LDAP for user account data (via libnss_ldap).
SNIP
[0]
http://directory.fedoraproject.org/wiki/Performance_Tuning
[1]
http://www.mozilla.org/projects/security/pki/nss/nss-3.2-performance-results
[2] server$ ./selfserv -n "Server-Cert" -p 6000
client$ time ./strsclnt -p 6000 server -c 1000
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 1 cache misses, 0 cache not reusable
strsclnt: 999 cache hits; 1 cache misses, 0 cache not reusable
real 0m0.605s
user 0m0.795s
sys 0m0.226s
Your SSL test is probably not representative of the real world. It did
just one full handshake. You may want to look at the -P and -N options
of strsclnt. It may be that each getent is doing a full handshake.
rob