← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #14472

[Bug 1320997] [NEW] Identity Ldap driver connection pooling

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Currently LDAP API handler establishes new connection for identity data
(user, group) lookup which becomes quite costly when TLS support is
enabled.

In performance testing with 100 concurrent users, with OpenLdap as ldap
server, we observed that ldap identity backend takes around 9-15 times
more time (around 7-10 seconds)  with respect to mysql identity backend.
And 77% of time is spent in ldap data retrieval for authentication
request.

So locally we tried to optimize ldap lookup by using connection pooling
(https://pypi.python.org/pypi/ldappool/1.0) and that has improved
performance numbers by 30%.

This request is to make similar enhancement in LDAP handler code to use
connection pooling.

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: ldap

** Description changed:

  Currently LDAP API handler establishes new connection for identity data
  (user, group) lookup which becomes quite costly when TLS support is
  enabled.
  
  In performance testing with 100 concurrent users, with OpenLdap as ldap
  server, we observed that ldap identity backend takes around 9-15 times
  more time (around 7-10 seconds)  with respect to mysql identity backend.
  And 77% of time is spent in ldap data retrieval for authentication
  request.
  
  So locally we tried to optimize ldap lookup by using connection pooling
  (https://pypi.python.org/pypi/ldappool/1.0) and that has improved
  performance numbers by 30%.
  
- This request is to similar enhancement in LDAP handler code to use
+ This request is to make similar enhancement in LDAP handler code to use
  connection pooling.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1320997

Title:
  Identity Ldap driver connection pooling

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Currently LDAP API handler establishes new connection for identity
  data (user, group) lookup which becomes quite costly when TLS support
  is enabled.

  In performance testing with 100 concurrent users, with OpenLdap as
  ldap server, we observed that ldap identity backend takes around 9-15
  times more time (around 7-10 seconds)  with respect to mysql identity
  backend.  And 77% of time is spent in ldap data retrieval for
  authentication request.

  So locally we tried to optimize ldap lookup by using connection
  pooling (https://pypi.python.org/pypi/ldappool/1.0) and that has
  improved performance numbers by 30%.

  This request is to make similar enhancement in LDAP handler code to
  use connection pooling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1320997/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next