performances.html 29.8 KB
Newer Older
Clément OUDOT's avatar
Clément OUDOT committed
1 2 3 4 5 6
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:performances</title>
<meta name="generator" content="DokuWiki"/>
Xavier Guimard's avatar
Xavier Guimard committed
7
<meta name="robots" content="index,follow"/>
Clément OUDOT's avatar
Clément OUDOT committed
8 9 10 11 12
<meta name="keywords" content="documentation,2.0,performances"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="performances.html"/>
<link rel="contents" href="performances.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
Xavier Guimard's avatar
Xavier Guimard committed
13 14 15 16 17 18 19 20 21
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
Clément OUDOT's avatar
Clément OUDOT committed
22 23 24
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:performances","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
25 26 27 28 29 30 31 32 33 34 35 36 37 38
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
Xavier Guimard's avatar
Xavier Guimard committed
39
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
40
//else -->
Xavier Guimard's avatar
Xavier Guimard committed
41
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
Xavier Guimard's avatar
Xavier Guimard committed
42
<!-- //endif -->
Clément OUDOT's avatar
Clément OUDOT committed
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#global_performance">Global performance</a></div></li>
<li class="level1"><div class="li"><a href="#handler_performance">Handler performance</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#macros_and_groups">Macros and groups</a></div></li>
<li class="level2"><div class="li"><a href="#local_macros">Local macros</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#portal_performances">Portal performances</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#general_performances">General performances</a></div></li>
<li class="level2"><div class="li"><a href="#apachesession_performances">Apache::Session performances</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</a></div></li>
<li class="level3"><div class="li"><a href="#use_apachesessionbrowseable">Use Apache::Session::Browseable</a></div></li>
Xavier Guimard's avatar
Xavier Guimard committed
66
<li class="level3"><div class="li"><a href="#performance_test">Performance test</a></div></li>
Clément OUDOT's avatar
Clément OUDOT committed
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85
</ul>
</li>
<li class="level2"><div class="li"><a href="#ldap_performances">LDAP performances</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#manager_performances">Manager performances</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#disable_unused_modules">Disable unused modules</a></div></li>
<li class="level2"><div class="li"><a href="#use_static_html_files">Use static HTML files</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="performances">Performances</h1>
<div class="level1">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
86
LemonLDAP::NG is designed to be very performant. Indeed, it uses Apache2 threads capabilities. So to increase performances, prefer using <a href="http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#compiletime" class="urlextern" title="http://httpd.apache.org/docs/2.2/misc/perf-tuning.html#compiletime"  rel="nofollow">mpm-worker</a>.
Clément OUDOT's avatar
Clément OUDOT committed
87 88 89
</p>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
90
<!-- EDIT1 SECTION "Performances" [1-249] -->
Clément OUDOT's avatar
Clément OUDOT committed
91 92 93 94
<h2 class="sectionedit2" id="global_performance">Global performance</h2>
<div class="level2">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
95
By default, Linux does not use <abbr title="Domain Name System">DNS</abbr> cache and LemonLDAP::NG portal request <abbr title="Domain Name System">DNS</abbr> for each connexions on LDAP or DB. Under heavy loads, that can generated hundred of <abbr title="Domain Name System">DNS</abbr> queries and many errors on LDAP connexions (timed out) from IO::Socket.
Clément OUDOT's avatar
Clément OUDOT committed
96 97 98 99 100 101 102 103 104 105 106 107 108
</p>

<p>
To bypass this, you can:
</p>
<ul>
<li class="level1"><div class="li"> Use <abbr title="Internet Protocol">IP</abbr> in configuration to avoid <abbr title="Domain Name System">DNS</abbr> resolution</div>
</li>
<li class="level1"><div class="li"> Install a <abbr title="Domain Name System">DNS</abbr> cache  like nscd, netmask or bind</div>
</li>
</ul>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
109
<!-- EDIT2 SECTION "Global performance" [250-650] -->
Clément OUDOT's avatar
Clément OUDOT committed
110 111 112
<h2 class="sectionedit3" id="handler_performance">Handler performance</h2>
<div class="level2">

Xavier Guimard's avatar
Xavier Guimard committed
113
<p>
Xavier Guimard's avatar
Xavier Guimard committed
114
For Nginx, you can use another auth server instead of llng-fastcgi-server. See: <a href="psgi.html" class="wikilink1" title="documentation:2.0:psgi">Advanced PSGI usage</a>.
Xavier Guimard's avatar
Xavier Guimard committed
115 116
</p>

Xavier Guimard's avatar
Xavier Guimard committed
117
<p>
Xavier Guimard's avatar
Xavier Guimard committed
118
To increase handler performance, you can disable “Sessions activity timeout” to prevent it from writing to the session database.
Xavier Guimard's avatar
Xavier Guimard committed
119 120
</p>

Clément OUDOT's avatar
Clément OUDOT committed
121
<p>
Xavier Guimard's avatar
Xavier Guimard committed
122
Handlers check rights and calculate headers for each HTTP hit. So to improve performances, avoid too complex rules by using macros, groups or local macros.
Clément OUDOT's avatar
Clément OUDOT committed
123 124 125
</p>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
126
<!-- EDIT3 SECTION "Handler performance" [651-1080] -->
Clément OUDOT's avatar
Clément OUDOT committed
127 128 129 130 131 132 133 134 135
<h3 class="sectionedit4" id="macros_and_groups">Macros and groups</h3>
<div class="level3">

<p>
Macros and groups are calculated during authentication process by the portal:
</p>
<ul>
<li class="level1"><div class="li"> macros are used to extend (or rewrite) <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a>. A macro is stored as attributes: it can contain boolean results or any string</div>
</li>
Xavier Guimard's avatar
Xavier Guimard committed
136 137
<li class="level1"><div class="li"> macros can also be used to import environment variables <em>(these variables are in CGI format)</em>. Example: <code>$ENV{HTTP_COOKIE}</code></div>
</li>
Clément OUDOT's avatar
Clément OUDOT committed
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186
<li class="level1"><div class="li"> groups are stored as space-separated strings in the special attribute “groups”: it contains the names of groups whose rules were returned true for the current user</div>
</li>
<li class="level1"><div class="li"> You can also get groups in <code>$hGroups</code> which is a Hash Reference of this form:</div>
</li>
</ul>
<pre class="code perl"><span class="re0">$hGroups</span> <span class="sy0">=</span> <span class="br0">&#123;</span>
          <span class="st_h">'group3'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
                        <span class="st_h">'description'</span> <span class="sy0">=&gt;</span> <span class="br0">&#91;</span>
                                           <span class="st_h">'Service 3'</span><span class="sy0">,</span>
                                           <span class="st_h">'Service 3 TEST'</span>
                                         <span class="br0">&#93;</span><span class="sy0">,</span>
                        <span class="st_h">'cn'</span> <span class="sy0">=&gt;</span> <span class="br0">&#91;</span>
                                  <span class="st_h">'group3'</span>
                                <span class="br0">&#93;</span><span class="sy0">,</span>
                        <span class="st_h">'name'</span> <span class="sy0">=&gt;</span> <span class="st_h">'group3'</span>
                      <span class="br0">&#125;</span><span class="sy0">,</span>
          <span class="st_h">'admin'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
                       <span class="st_h">'name'</span> <span class="sy0">=&gt;</span> <span class="st_h">'admin'</span>
                     <span class="br0">&#125;</span>
        <span class="br0">&#125;</span></pre>

<p>
Example for macros:
</p>
<pre class="code perl"><span class="co1"># boolean macro</span>
isAdmin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
<span class="co1"># other macro </span>
displayName <span class="sy0">-&gt;</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span>
&nbsp;
<span class="co1"># Use a boolean macro in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$isAdmin</span>
<span class="co1"># Use a string macro in a HTTP header</span>
Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span></pre>

<p>
Example for groups:
</p>
<pre class="code perl"><span class="co1"># group</span>
admin <span class="sy0">-&gt;</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span>
&nbsp;
<span class="co1"># Use a group in a rule</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <span class="re0">$groups</span> <span class="sy0">=~</span> <span class="co2">/\badmin\b/</span>
&nbsp;
<span class="co1"># Or with hGroups</span>
<span class="sy0">^/</span>admin <span class="sy0">-&gt;</span> <a href="http://perldoc.perl.org/functions/defined.html"><span class="kw3">defined</span></a> <span class="re0">$hGroups</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span><span class="st_h">'admin'</span><span class="br0">&#125;</span></pre>
<div class="noteclassic">Groups are computed after macros, so a group rule may involve a macro value.
</div><div class="noteimportant">Macros and groups are computed in alphanumeric order, that is, in the order they are displayed in the manager. For example, macro “macro1” will be computed before macro “macro2”: so, expression of macro2 may involve value of macro1. As same for groups: a group rule may involve another, previously computed group.
</div>
</div>
Xavier Guimard's avatar
Xavier Guimard committed
187
<!-- EDIT4 SECTION "Macros and groups" [1081-3175] -->
Clément OUDOT's avatar
Clément OUDOT committed
188 189 190 191
<h3 class="sectionedit5" id="local_macros">Local macros</h3>
<div class="level3">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
192
Macros and groups are stored in session database. Local macros is a special feature of handler that permit one to have macros useable localy only. Those macros are calculated only at the first usage and stored in the local session cache (only for this server) and only if the user access to the related applications. This avoid to have to many datas stored.
Clément OUDOT's avatar
Clément OUDOT committed
193 194 195 196 197 198 199 200
</p>
<pre class="code perl"><span class="co1"># rule</span>
admin <span class="sy0">-&gt;</span> <span class="re0">$admin</span> <span class="sy0">||=</span> <span class="br0">&#40;</span><span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'foo'</span> <span class="kw1">or</span> <span class="re0">$uid</span> <span class="kw1">eq</span> <span class="st_h">'bar'</span><span class="br0">&#41;</span>
<span class="co1"># header</span>
Display<span class="sy0">-</span>Name <span class="sy0">-&gt;</span> <span class="re0">$displayName</span> <span class="sy0">||=</span> <span class="re0">$givenName</span><span class="sy0">.</span><span class="st0">&quot; &quot;</span><span class="sy0">.</span><span class="re0">$surName</span></pre>
<div class="notetip">Note that this feature is interesting only for the Lemonldap::NG systems protecting a high number of applications
</div>
</div>
Xavier Guimard's avatar
Xavier Guimard committed
201
<!-- EDIT5 SECTION "Local macros" [3176-3837] -->
Clément OUDOT's avatar
Clément OUDOT committed
202 203 204 205
<h2 class="sectionedit6" id="portal_performances">Portal performances</h2>
<div class="level2">

</div>
Xavier Guimard's avatar
Xavier Guimard committed
206
<!-- EDIT6 SECTION "Portal performances" [3838-3870] -->
Clément OUDOT's avatar
Clément OUDOT committed
207 208 209 210
<h3 class="sectionedit7" id="general_performances">General performances</h3>
<div class="level3">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
211
The portal is the biggest component of Lemonldap::NG. Since version 2.0, portal runs under FastCGI and has been rewritten using plugins, so performance is increased in comparison to earlier versions. You just have to disable unused plugins:
Clément OUDOT's avatar
Clément OUDOT committed
212
</p>
Xavier Guimard's avatar
Xavier Guimard committed
213 214 215 216 217 218 219 220
<ul>
<li class="level1"><div class="li"> disable unused issuer modules</div>
</li>
<li class="level1"><div class="li"> disable notifications if not used</div>
</li>
<li class="level1"><div class="li"></div>
</li>
</ul>
Xavier Guimard's avatar
Xavier Guimard committed
221 222 223 224

<p>
By default it uses local storage to store its tokens. If you have more than 1 portal and if your load-balancer doesn&#039;t keep state, you have to disable this to use the global session storage <em>(General parameters » portal Parameters » Advanced Parameters » Forms)</em>. Note that this will decrease performances.
</p>
Clément OUDOT's avatar
Clément OUDOT committed
225 226 227 228
<div class="notetip">In production environment for network performance, prefer using minified versions of javascript and css libs: use <code>make install <strong>PROD=yes</strong></code>. This is done by default in RPM/DEB packages.

</div>
</div>
Xavier Guimard's avatar
Xavier Guimard committed
229
<!-- EDIT7 SECTION "General performances" [3871-4748] -->
Xavier Guimard's avatar
Xavier Guimard committed
230
<h3 class="sectionedit8" id="apachesession_performances">Apache::Session performances</h3>
Clément OUDOT's avatar
Clément OUDOT committed
231 232 233 234 235 236 237 238 239 240 241
<div class="level3">

<p>
Lemonldap::NG handlers use a local cache to store sessions (for 10 minutes). So Apache::Session module is not a problem for handlers. It can be a brake for the portal:
</p>
<ol>
<li class="level1"><div class="li"> When you use the multiple sessions restriction parameters, sessions are parsed for each authentication unless you use an <a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a> module.</div>
</li>
<li class="level1"><div class="li"> Since MySQL does not have always transaction feature, Apache::Session::MySQL has been designed to use MySQL locks. Since MySQL performances are very bad using this, if you want to store sessions in a MySQL database, prefer one of the following</div>
</li>
</ol>
Xavier Guimard's avatar
Xavier Guimard committed
242 243
<div class="notetip">Since 1.9.6, LLNG portal and handler check if session is valid at each access, so purgeCentralCache cron no longer needs to be launched every 10 minutes: one or two times per day is enough.
</div>
Clément OUDOT's avatar
Clément OUDOT committed
244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266
</div>

<h4 id="replace_mysql_by_apachesessionflex">Replace MySQL by Apache::Session::Flex</h4>
<div class="level4">

<p>
In “Apache::Session module” field, set “<a href="https://metacpan.org/module/Apache::Session::Flex" class="urlextern" title="https://metacpan.org/module/Apache::Session::Flex"  rel="nofollow">Apache::Session::Flex</a>” and use the following parameters:
</p>
<pre class="code">Store      -&gt; MySQL
Lock       -&gt; Null
Generate   -&gt; MD5
Serialize  -&gt; Storable
DataSource -&gt; dbi:mysql:sessions;host=...
UserName   -&gt; ...
Password   -&gt; ...</pre>
<div class="notetip">Since version 1.90 of Apache::Session, you can use Apache::Session::MySQL::NoLock instead
</div>
</div>

<h4 id="use_apachesessionbrowseable">Use Apache::Session::Browseable</h4>
<div class="level4">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
267
<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable"  rel="nofollow">Apache::Session::Browseable</a> is a wrapper for other Apache::Session modules that add the capability to manage indexes. Prefer versions ≥ 1.2.5 for better performances in DB cleaning. To use it (with PostgreSQL for example), choose “Apache::Session::Browseable::Postgres” as “Apache::Session module” and use the following parameters:
Clément OUDOT's avatar
Clément OUDOT committed
268
</p>
Xavier Guimard's avatar
Xavier Guimard committed
269
<pre class="code">DataSource -&gt; dbi:Pg:database=sessions;host=...
Clément OUDOT's avatar
Clément OUDOT committed
270 271 272 273 274 275 276
UserName   -&gt; user
Password   -&gt; password
Index      -&gt; ipAddr uid</pre>

<p>
Note that Apache::Session::Browseable::MySQL doesn&#039;t use MySQL locks.
</p>
Xavier Guimard's avatar
Xavier Guimard committed
277 278 279 280 281 282

<p>
Look at <a href="browseablesessionbackend.html" class="wikilink1" title="documentation:2.0:browseablesessionbackend">Browseable session backend</a> to known which index to choose.
</p>
<div class="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since these modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
</div>
Clément OUDOT's avatar
Clément OUDOT committed
283
</div>
Xavier Guimard's avatar
Xavier Guimard committed
284 285 286

<h4 id="performance_test">Performance test</h4>
<div class="level4">
Xavier Guimard's avatar
Xavier Guimard committed
287
<div class="notetip">A <a href="https://metacpan.org/module/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::Redis"  rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the fastest (except for session explorer, defeated by Apache::Session::Browseable::<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable"  rel="nofollow">DBI</a>/<a href="https://metacpan.org/module/Apache::Session::Browseable::LDAP" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"  rel="nofollow">LDAP</a>])
Xavier Guimard's avatar
Xavier Guimard committed
288 289
</div>
<p>
Xavier Guimard's avatar
Xavier Guimard committed
290
This test isn&#039;t an “only-backend” test but embedded some LLNG methods, so real differences between engines are mitigate here.
Xavier Guimard's avatar
Xavier Guimard committed
291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307
</p>
<div class="table sectionedit9"><table class="inline table table-bordered table-striped">
	<thead>
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="2">  Backend  </th><th class="col2 centeralign" colspan="3">  Portal and handlers  </th><th class="col5 centeralign" colspan="3">  Session explorer and one-off sessions  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Configuration  </th><th class="col2 centeralign">  Insert 1000  </th><th class="col3 centeralign">  Search 1  </th><th class="col4 centeralign">  Purge 500  </th><th class="col5 centeralign">  Parse all  </th><th class="col6 centeralign">  Search by substring  </th><th class="col7 centeralign">  Search by UID  </th>
	</tr>
	</thead>
	<tr class="row2 roweven">
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::LDAP</strong>  </td><td class="col1 leftalign"> mdb  </td><td class="col2 centeralign">  159.66  </td><td class="col3 centeralign">  0.0120  </td><td class="col4 centeralign">  49.22  </td><td class="col5 centeralign">  0.1110  </td><td class="col6 centeralign">  0.0076  </td><td class="col7 centeralign">  0.0050  </td>
	</tr>
	<tr class="row3 rowodd">
		<td class="col0 leftalign"> Apache::Session::<strong>MySQL</strong>             </td><td class="col1"> No lock </td><td class="col2 centeralign">  87.20  </td><td class="col3 centeralign">  <strong>0.0039</strong>  </td><td class="col4 centeralign">  23.14  </td><td class="col5 centeralign">  0.0281  </td><td class="col6 centeralign">  0.0252  </td><td class="col7 centeralign">  0.0235  </td>
	</tr>
	<tr class="row4 roweven">
Xavier Guimard's avatar
Xavier Guimard committed
308
		<td class="col0"> Apache::Session::<strong>Browseable::MySQL</strong> </td><td class="col1 leftalign">      </td><td class="col2 centeralign">  91.79  </td><td class="col3 centeralign">  <strong>0.0039</strong>  </td><td class="col4 centeralign">   <strong>0.139</strong> <em>(1)</em>  </td><td class="col5 centeralign">  0.0272  </td><td class="col6 centeralign">  <strong>0.0036</strong>  </td><td class="col7 centeralign">  <strong>0.0026</strong>  </td>
Xavier Guimard's avatar
Xavier Guimard committed
309 310
	</tr>
	<tr class="row5 rowodd">
Xavier Guimard's avatar
Xavier Guimard committed
311
		<td class="col0"> Apache::Session::<strong>Browseable::MySQLJSON</strong> </td><td class="col1 leftalign">  </td><td class="col2 centeralign">  86.06  </td><td class="col3 centeralign">  0.0145  </td><td class="col4 centeralign">  <strong> 0.151</strong> <em>(2)</em>  </td><td class="col5 centeralign">  <strong>0.0104</strong>  </td><td class="col6 centeralign">  0.0137  </td><td class="col7 centeralign">  0.0038  </td>
Xavier Guimard's avatar
Xavier Guimard committed
312 313
	</tr>
	<tr class="row6 roweven">
Xavier Guimard's avatar
Xavier Guimard committed
314
		<td class="col0 leftalign"> Apache::Session::<strong>Postgres</strong>          </td><td class="col1 leftalign">      </td><td class="col2 centeralign">  18.31  </td><td class="col3 centeralign">  0.0095  </td><td class="col4 centeralign">  13.40  </td><td class="col5 centeralign">  0.0323  </td><td class="col6 centeralign">  0.0277  </td><td class="col7 centeralign">  0.0264  </td>
Xavier Guimard's avatar
Xavier Guimard committed
315 316
	</tr>
	<tr class="row7 rowodd">
Xavier Guimard's avatar
Xavier Guimard committed
317
		<td class="col0"> Apache::Session::<strong>Postgres</strong> </td><td class="col1"> Unlogged table </td><td class="col2 centeralign">  9.16  </td><td class="col3 centeralign">  0.0095  </td><td class="col4 centeralign">  7.91  </td><td class="col5 centeralign">  0.0318  </td><td class="col6 centeralign">  0.0270  </td><td class="col7 centeralign">  0.0254  </td>
Xavier Guimard's avatar
Xavier Guimard committed
318 319
	</tr>
	<tr class="row8 roweven">
Xavier Guimard's avatar
Xavier Guimard committed
320
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::Postgres</strong>  </td><td class="col1"> Unlogged table with indexes </td><td class="col2 centeralign">  9.24  </td><td class="col3 centeralign">  0.0094  </td><td class="col4 centeralign">  <strong>0.103</strong> <em>(1)</em>  </td><td class="col5 centeralign">  0.0301  </td><td class="col6 centeralign">  <strong>0.0036</strong>  </td><td class="col7 centeralign">  <strong>0.0028</strong>  </td>
Xavier Guimard's avatar
Xavier Guimard committed
321 322
	</tr>
	<tr class="row9 rowodd">
Xavier Guimard's avatar
Xavier Guimard committed
323
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::PgJSON</strong>  </td><td class="col1"> Unlogged table, json field </td><td class="col2 centeralign">  9.25  </td><td class="col3 centeralign">  0.0091  </td><td class="col4 centeralign">  <strong>0.108</strong> <em>(1)</em>  </td><td class="col5 centeralign">  0.0247  </td><td class="col6 centeralign">  <strong>0.0035</strong>  </td><td class="col7 centeralign">  <strong>0.0029</strong>  </td>
Xavier Guimard's avatar
Xavier Guimard committed
324 325
	</tr>
	<tr class="row10 roweven">
Xavier Guimard's avatar
Xavier Guimard committed
326
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::PgJSON</strong>  </td><td class="col1"> Unlogged table, jsonb field </td><td class="col2 centeralign">  9.25  </td><td class="col3 centeralign">  0.0091  </td><td class="col4 centeralign">  <strong>0.105</strong> <em>(1)</em>  </td><td class="col5 centeralign">  <strong>0.0126</strong>  </td><td class="col6 centeralign">  <strong>0.0034</strong>  </td><td class="col7 centeralign">  <strong>0.0029</strong>  </td>
Xavier Guimard's avatar
Xavier Guimard committed
327 328
	</tr>
	<tr class="row11 rowodd">
Xavier Guimard's avatar
Xavier Guimard committed
329 330 331 332 333 334 335 336 337 338
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::PgHstore</strong>  </td><td class="col1"> Unlogged table, hstore field </td><td class="col2 centeralign">  9.62  </td><td class="col3 centeralign">  0.0111  </td><td class="col4 centeralign">  <strong>0.105</strong> <em>(1)</em>  </td><td class="col5 centeralign">  <strong>0.0125</strong>  </td><td class="col6 centeralign">  <strong>0.0033</strong>  </td><td class="col7 centeralign">  <strong>0.0029</strong>  </td>
	</tr>
	<tr class="row12 roweven">
		<td class="col0 leftalign"> Apache::Session::<strong>Redis</strong>  </td><td class="col1 leftalign">  </td><td class="col2 centeralign">  <strong>2.13</strong>  </td><td class="col3 centeralign">  <strong>0.0033</strong>  </td><td class="col4 centeralign">  1.158  </td><td class="col5 centeralign">  0.0623  </td><td class="col6 centeralign">  0.0570  </td><td class="col7 centeralign">  0.0550  </td>
	</tr>
	<tr class="row13 rowodd">
		<td class="col0 leftalign"> Apache::Session::<strong>Browseable::Redis</strong>  </td><td class="col1 leftalign">  </td><td class="col2 centeralign">  <strong>2.36</strong>  </td><td class="col3 centeralign">  <strong>0.0033</strong>  </td><td class="col4 centeralign">  1.154  </td><td class="col5 centeralign">  0.0643  </td><td class="col6 centeralign">  0.1048  </td><td class="col7 centeralign">  <strong>0.0024</strong>  </td>
	</tr>
	<tr class="row14 roweven">
		<td class="col0 centeralign" colspan="8">  <em>The source of this test is available in sources: e2e-tests/sbperf.pl</em>  </td>
Xavier Guimard's avatar
Xavier Guimard committed
339 340
	</tr>
</table></div>
Xavier Guimard's avatar
Xavier Guimard committed
341
<!-- EDIT9 TABLE [7640-9543] --><ul>
Xavier Guimard's avatar
Xavier Guimard committed
342 343 344 345 346
<li class="level1"><div class="li"> <em><strong>(1) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.5 and LLG-2.0. Earlier results are not so good.</em></div>
</li>
<li class="level1"><div class="li"> <em><strong>(2) :</strong> “purge” test is done with Apache::Session::Browseable-1.2.6 and LLG-2.0.</em></div>
</li>
</ul>
Xavier Guimard's avatar
Xavier Guimard committed
347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363

<p>
Analysis:
</p>
<ul>
<li class="level1"><div class="li"> LDAP servers are “write-once-read-many”, so write performances are very bad. Don&#039;t use this on heavy load if “Session activity timeout” is enabled <em>(if set, handler “write” sessions)</em></div>
</li>
<li class="level1"><div class="li"> MySQL/MariaDB is better to read than to write. Prefer PostgreSQL if you use “Session activity timeout”</div>
</li>
<li class="level1"><div class="li"> Logged tables decrease a lot insert performances with PostgreSQL, so use unlogged tables for sessions except for persistent sessions</div>
</li>
<li class="level1"><div class="li"> Redis is the best for main usage</div>
</li>
<li class="level1"><div class="li"> Browseable::Postgres/PgHstore/PgJSON are the best SQL solutions on average</div>
</li>
</ul>

Clément OUDOT's avatar
Clément OUDOT committed
364
</div>
Xavier Guimard's avatar
Xavier Guimard committed
365
<!-- EDIT8 SECTION "Apache::Session performances" [4749-10321] -->
Xavier Guimard's avatar
Xavier Guimard committed
366
<h3 class="sectionedit10" id="ldap_performances">LDAP performances</h3>
Clément OUDOT's avatar
Clément OUDOT committed
367 368 369 370 371 372 373 374 375 376 377
<div class="level3">

<p>
LDAP server can be a brake when you use LDAP groups recovery. You can avoid this by setting “memberOf” fields in your LDAP scheme:
</p>
<pre class="code ldif"><span class="re0">dn</span>:<span class="re1"> uid=foo,dmdName=people,dc=example,dc=com</span>
...
<span class="re0">memberOf</span>:<span class="re1"> cn=admin,dmdName=groups,dc=example,dc=com</span>
<span class="re0">memberOf</span>:<span class="re1"> cn=su,dmdName=groups,dc=example,dc=com</span></pre>

<p>
Xavier Guimard's avatar
Xavier Guimard committed
378
So instead of using LDAP groups recovery, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance"  rel="nofollow">memberof overlay</a> to do it automatically.
Clément OUDOT's avatar
Clément OUDOT committed
379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401
</p>
<div class="noteimportant">Don&#039;t forget to create an index on the field used to find users (uid by default)
</div><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:<ul>
<li class="level1"><div class="li"> Exported variables</div>
</li>
</ul>
<pre class="code">ldapgroups -&gt; memberOf</pre>

<p>
For now, ldapgroups contains “cn=admin,dmdName=groups,dc=example,dc=com cn=su,dmdName=groups,dc=example,dc=com”
</p>
<ul>
<li class="level1"><div class="li"> A little macro:</div>
</li>
</ul>
<pre class="code perl">ldapgroups <span class="sy0">-&gt;</span> <a href="http://perldoc.perl.org/functions/join.html"><span class="kw3">join</span></a><span class="br0">&#40;</span><span class="st0">&quot; &quot;</span><span class="sy0">,</span><span class="br0">&#40;</span><span class="re0">$ldapgroups</span> <span class="sy0">=~</span> <span class="co2">/cn=(.*?),/g</span><span class="br0">&#41;</span><span class="br0">&#41;</span></pre>

<p>
Now ldapgroups contains “admin su”
</p>

</div>
</div>
Xavier Guimard's avatar
Xavier Guimard committed
402
<!-- EDIT10 SECTION "LDAP performances" [10322-11451] -->
Xavier Guimard's avatar
Xavier Guimard committed
403
<h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
Clément OUDOT's avatar
Clément OUDOT committed
404 405 406
<div class="level2">

</div>
Xavier Guimard's avatar
Xavier Guimard committed
407
<!-- EDIT11 SECTION "Manager performances" [11452-11485] -->
Xavier Guimard's avatar
Xavier Guimard committed
408
<h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
Clément OUDOT's avatar
Clément OUDOT committed
409 410 411
<div class="level3">

<p>
Xavier Guimard's avatar
Xavier Guimard committed
412
In lemonldap-ng.ini, set only modules that you will use. By default, configuration, sessions explorer, notifications explorer and second factor are enabled. Example:
Clément OUDOT's avatar
Clément OUDOT committed
413 414 415 416 417
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>manager<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
418
<!-- EDIT12 SECTION "Disable unused modules" [11486-11747] -->
Xavier Guimard's avatar
Xavier Guimard committed
419
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
Clément OUDOT's avatar
Clément OUDOT committed
420 421 422 423 424 425 426 427
<div class="level3">

<p>
Once Manager is installed, browse enabled modules (configuration, sessions, notifications) and save the web pages respectively under <code>manager.html</code>, <code>sessions.html</code> and <code>notifications.html</code> in the <code>DocumentRoot</code> directory. Then replace this in Manager file of Apache configuration:
</p>
<pre class="code apache"><span class="kw1">RewriteRule</span> <span class="st0">&quot;^/$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi&quot;</span> [PT]
<span class="co1"># DirectoryIndex manager.html</span>
<span class="co1"># RewriteCond &quot;%{REQUEST_FILENAME}&quot; &quot;!\.html$&quot;</span>
Xavier Guimard's avatar
Xavier Guimard committed
428
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|lib).*&quot;</span>
Clément OUDOT's avatar
Clément OUDOT committed
429 430 431 432 433 434 435 436
<span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi/$1&quot;</span> [PT]</pre>

<p>
by:
</p>
<pre class="code apache"><span class="co1"># RewriteRule &quot;^/$&quot; &quot;/psgi/manager-server.fcgi&quot; [PT]</span>
<span class="kw1">DirectoryIndex</span> manager.html
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!<span class="es0">\.</span>html$&quot;</span>
Xavier Guimard's avatar
Xavier Guimard committed
437
<span class="kw1">RewriteCond</span> <span class="st0">&quot;%{REQUEST_FILENAME}&quot;</span> <span class="st0">&quot;!^/(?:static|doc|lib).*&quot;</span>
Clément OUDOT's avatar
Clément OUDOT committed
438 439 440 441 442 443 444
<span class="kw1">RewriteRule</span> <span class="st0">&quot;^/(.+)$&quot;</span> <span class="st0">&quot;/psgi/manager-server.fcgi/$1&quot;</span> [PT]</pre>

<p>
So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be no more generated by Perl but directly given by the web server.
</p>

</div>
Xavier Guimard's avatar
Xavier Guimard committed
445
<!-- EDIT13 SECTION "Use static HTML files" [11748-] --></div>
Clément OUDOT's avatar
Clément OUDOT committed
446 447
</body>
</html>