Re: reliability of LDAP lookups

[Pierangelo Masarati <pmasarati@bci.it>]

Hugo.van.der.Kooij@caiw.nl wrote:

> On Sat, 28 Oct 2000, Pierangelo Masarati wrote:
>
> > I use an OpenLDAP server to check whether or not a user can send mail
> > outside of the company. Actually, there are a set of replicas of the
> > main
> > server that are used for many different purposes, so it happens they are
> > very
> > busy, so sendmail hangs waiting for reply and eventually times out.
> > For those who are not familiar with LDAP API, a client can be configured
>
> Seems to me you are searching on non-indexed attributes. As I understood
> from various postings it will make a very significant difference in speed.

Actually, it's not! It's more like a bug than a performance problem, but it
happens
very often that one server for a while is kind of hung: it still accepts
connections,
and eventually replies, but it may take a few seconds. After a while
everything is ok.
I've spent a lot of time trying to track the problem down. This is one of the
reasons
we use many servers (we are giving directory access to a lot of service for
sendmail
routing address, smtpauth (testing), imap auth, proxy auth, proxy redirect,
web auth,
app profiling, address booking and so for some 25,000 users. The servers are
VERY
loaded and maybe this is the only reason. At present I'm using
OpenLDAP 1.2.11
and testing OpenLDAP 2.0.x; in 1.2.11's slapd.conf I set

> index <binary attrs> none
> index default pres,eq,sub,approx

so I'm positive it's not an indexing problem!

Moreover, I think the possibility to try another server in the list not only
in case of no availability, but also in case of timeout or in general for
application
dependent reasons would give developers more flexibility.

Bye, Pierangelo.