[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8375) paged results control results in full db search?

To: openldap-its@OpenLDAP.org
Subject: (ITS#8375) paged results control results in full db search?
From: geert@hendrickx.be
Date: Mon, 22 Feb 2016 07:57:49 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Geert Hendrickx
Version: 2.4.44
OS: Linux
URL: http://www.openldap.org/lists/openldap-technical/201602/msg00094.html
Submission from: (NULL) (2a02:1810:4d03:d00:18e9:3ca5:a68f:c7f4)


We found an odd issue when using LDAP Admin (www.ldapadmin.org), which by
defaults uses the paged results control (RFC 2696) to limit search results.

This client initially issues an objectclass=* search with one-level scope
to list the first-level objects/trees on the LDAP DIT, which you can then
browse/expand by clicking on them.

On a large db, we noticed this initial search hits the timelimit, even
though the equivalent command line search is instant.  I found the
difference is in using the paged result control:

ldapsearch -s one -E \!pr=100 objectclass=\* objectclass        => slow
ldapsearch -s one             objectclass=\* objectclass        => fast

The slapd stats+trace logging of each is in attachment.  Notice the large
number of objects being skipped with "scope not okay" in the first, where
this does not happen in the second.  This slows down the search, and on a
very large db, makes it exceed the configured 60 seconds timelimit.

A third variant, setting the sizelimit explicitly, avoids the issue:

ldapsearch -s one -E \!pr=100 -z 100 objectclass=\* objectclass => fast

Is this expected behaviour?

Prev by Date: RE: (ITS#8374) LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS
Next by Date: (ITS#8376) Use getaddrinfo to resolve FQDN
Index(es):
- Chronological
- Thread