[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slow ldapsearch when binddn is not root

To: Alexandre Biancalana <biancalana@gmail.com>
Subject: Re: slow ldapsearch when binddn is not root
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Thu, 24 Apr 2008 11:33:35 -0400 (EDT)
Cc: openldap-software@openldap.org
In-reply-to: <8e10486b0804240648k37549670k642d2586fac4d24f@mail.gmail.com>
References: <8e10486b0804240648k37549670k642d2586fac4d24f@mail.gmail.com>

On Thu, 24 Apr 2008, Alexandre Biancalana wrote:

# time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br  -W -x > /dev/null
Enter LDAP Password:
 101.71s real     0.59s user     0.11s system

# time ldapsearch -D cn=root,dc=tempopar,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br  -W -x > /dev/null
Enter LDAP Password:
   3.13s real     0.53s user     0.08s system

Well, first off, are you always doing user first then root second? Is this reproducible, repeatedly, regardless of direction? (Rule out cache priming.)

[config'd with a lot of]

access to dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"

This is what I think your real issue is: you have a ton of regex ACLs, and I'm guessing you're linked against an inefficient regex library.

I'm not sure exactly what you're doing, but give some thought to:

access to dn.subtree="ou=Computers,dc=mydomain,dc=com,dc=br"

perhaps?

Follow-Ups:
- Re: slow ldapsearch when binddn is not root
  - From: "Alexandre Biancalana" <biancalana@gmail.com>
- DSML and SPML functionality in javaldap
  - From: "Rastogi Arpit" <rarpit@novell.com>

References:
- slow ldapsearch when binddn is not root
  - From: "Alexandre Biancalana" <biancalana@gmail.com>

Prev by Date: Re: A question about log messages
Next by Date: Re: A question about log messages
Index(es):
- Chronological
- Thread