diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index 09e2622d..1613695d 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -1201,7 +1201,7 @@ Have fun! -
+
General settings Here you can specify the LDAP server and some security @@ -8368,7 +8368,7 @@ objectclass: top - Indices: + Indices: Indices will improve the performance when searching for entries in the LDAP directory. The following indices are recommended: @@ -8647,7 +8647,7 @@ objectclass: top service customisations. - + Clustering LAM LAM is a web application based on PHP. Therefore, clustering is not @@ -8722,67 +8722,159 @@ objectclass: top Troubleshooting - Size limit +
+ Functional issues - You will get a message like "LDAP sizelimit exceeded, not all - entries are shown." when you hit the LDAP search limit. See the OpenLDAP settings to fix this. + Size limit - + You will get a message like "LDAP sizelimit exceeded, not all + entries are shown." when you hit the LDAP search limit. See the OpenLDAP settings to fix + this. + + - Invalid syntax errors: + Invalid syntax errors: - If you get any strange errors like "Invalid syntax" or "Invalid DN - syntax" please check if your LDAP schema matches LAM's - requirements. + If you get any strange errors like "Invalid syntax" or "Invalid DN + syntax" please check if your LDAP schema matches LAM's + requirements. - + - Schema test: + Schema test: - This can be done by running "Tools" -> "Tests" -> "Schema - test" inside LAM. + This can be done by running "Tools" -> "Tests" -> "Schema + test" inside LAM. - If there are any object classes or attributes missing you will get a - notice. See LDAP schema files for a list - of used schemas. You may also want to deactive unused modules in your LAM - server profile (tab "Modules"). + If there are any object classes or attributes missing you will get + a notice. See LDAP schema files for a + list of used schemas. You may also want to deactive unused modules in + your LAM server profile (tab "Modules"). - - - - - - - + + + + + + + - + Logging: - If your schema is correct you can turn on LDAP logging to get more - detailed error messages from your LDAP server. + If your schema is correct you can turn on LDAP logging to get more + detailed error messages from your LDAP server. - + - OpenLDAP logging: + OpenLDAP logging: - - - slapd.conf: In /etc/ldap/slapd.conf turn logging on with the - line "loglevel 256". - + + + slapd.conf: In /etc/ldap/slapd.conf turn logging on with the + line "loglevel 256". + - - slapd.d: In /etc/ldap/slapd.d/cn=config.ldif please change the - attribute "olcLogLevel" to "Stats". Please add a line "olcLogLevel: - Stats" if the attribute is missing. - - + + slapd.d: In /etc/ldap/slapd.d/cn=config.ldif please change the + attribute "olcLogLevel" to "Stats". Please add a line "olcLogLevel: + Stats" if the attribute is missing. + + - After changing the configuration please restart OpenLDAP. It usually - uses /var/log/syslog for log output. + After changing the configuration please restart OpenLDAP. It + usually uses /var/log/syslog for log output. +
+ +
+ Performance issues + + LAM is tested to work with 10000 users with acceptable + performance. If you have a larger directory or slow hardware then here + are some points to increase performance. + + + + + The first step is to check if performance problems are caused by + the LAM web server or the LDAP server. Please check which machine + suffers from high system load (CPU/memory consumption). + + High network latency may also be a problem. For large + installations please make sure that LAM web server and LDAP server are + located in the same building/server room. + + If you run LAM on multiple nodes (DNS load balancing/hardware load + balancer) then also check the clustering + section. + +
+ LDAP server + + Use indices + + Depending on the queries it may help to add some more indices on + the LDAP server. Depending on your LDAP software it may already + suggest indices in its log files. See here for typical OpenLDAP indices. + + + + + Reduce query results by splitting LDAP + management into multiple server profiles + + If you manage a very large directory then it might already be + separated into multiple subtrees (e.g. by country, subsidiary, ...). + Do not use a single LAM server profile to manage your whole directory. + Use different server profiles for each separated LDAP subtree where + possible (e.g. one for German users and one for French ones). + + + + + Limit query results + + LAM allows to set an LDAP search + limit for each server profile. This will limit the number of + entries returned by your LDAP server. Use with caution because it can + cause problems (e.g. with automatic UID generation) when LAM is not + able to read all entries. +
+ +
+ LAM web server + + Install a PHP + accelerator + + There are tools like APC (free) or + Zend + Server (commercial) that provide caching of PHP pages to + improve performance. They will reduce the time for parsing the PHP + pages and IO load. + + This is a simply way to enhance performance since APC is part of + most Linux distributions. + + If you use APC then make sure that it uses enough memory (e.g. + "apc.shm_size=128M"). You can check the memory usage with the file + apc.php that is shipped with APC. + + + + + Disable session + encryption + + LAM encrypts sensitive data in your session files. You can + prevent this by disabling the PHP MCrypt module (if installed). +
+