yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1320997] Re: Common Ldap handler connection pooling

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 04 Sep 2014 14:32:01 -0000
Reply-to: Bug 1320997 <1320997@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => juno-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1320997

Title:
  Common Ldap handler connection pooling

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Currently LDAP API handler establishes new connection for identity
  data (user, group) lookup which becomes quite costly when TLS support
  is enabled.

  In performance testing with 100 concurrent users, with OpenLdap as
  ldap server, we observed that ldap identity backend takes around 9-15
  times more time (around 7-10 seconds)  with respect to mysql identity
  backend.  And 77% of time is spent in ldap data retrieval for
  authentication request.

  So locally we tried to optimize ldap lookup by using connection
  pooling (https://pypi.python.org/pypi/ldappool/1.0) and that has
  improved performance numbers by 30%.

  This request is to make similar enhancement in LDAP handler code to
  use connection pooling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1320997/+subscriptions

References

[Bug 1320997] [NEW] Identity Ldap driver connection pooling
From: Arun Kant, 2014-05-19