[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch 2.0.7 _way_ slower than 1.2.11...help?

Sorry for the repeat; I got no response to my first request so I wanted
to make sure it got through to the list.  Anyone have any thoughts about
this?  It's has us extremely concerned.  I'm willing to spend some time
trying to discover potentially pertinent differences (I don't have _any_
access to the LDAP server systems, unfortunately; I can't even log in)
if anyone has any pointers as to where I should start.

Should I send this to openldap-devel as well/instead?  Thanks!

Our company is using Critical Path ("Live Content Directory"), formerly
known as ICL i500, LDAP servers running on Solaris.

I have both OpenLDAP 1.2.11 and 2.0.7 installed on my local desktop
system (Debian GNU/Linux--but I built these both myself from scratch,
both on the same host, both with very simple "./configure" with no
options).  I used different --prefix directories, not the standard
place, so I'm sure there are no conflicts between them in terms of
installation.  I haven't touched any config files, etc.

When I do a simple query looking up one element of an existing record
using ldapsearch from 1.2.11, the response consistently comes back in
about 1 second (the servers are relatively far away from me,
network-topology-wise, so this doesn't seem out of line to me).

When I do the exact same query using ldapsearch from 2.0.7, with the
same options, at the same time, the same response takes over 20 seconds.
I've had it take as long as _80_ seconds, but almost never less than 20.
The absolute lowest time I've ever gotten is 4 seconds, rarely, and even
that is still 4 times worse than the average time I get with 1.2.11.

What could possibly be causing this immense slowdown!?!?

Anyone have any ideas?  If not, any thoughts about what I can do to
diagnose the problem myself?  Is there some way to get ldapsearch to
provide information about the query it's sending, to compare the two

Here is an example:

  $ time 1.2.11/bin/ldapsearch -h ldapserver -b ou=Internal,ou=People,o=MyCorp employeeNumber=5551212 sn
  employeeNumber=5551212, ou=Internal, ou=People, o=MyCorp

  real    0m0.816s
  user    0m0.000s
  sys     0m0.000s

Now this (I literally ran these within 1 second of each other, and I've
run them intertwined, etc. all day with consistent results):

  $ time 2.0.7/bin/ldapsearch -h ldapserver -b ou=Internal,ou=People,o=MyCorp employeeNumber=5551212 sn
  version: 2

  # filter: employeeNumber=5551212
  # requesting: sn 

  # 5551212,Internal,People,MyCorp
  dn: employeeNumber=5551212,ou=Internal,ou=People,o=MyCorp
  sn: Smith

  # search result
  search: 2
  result: 0 Success

  # numResponses: 2
  # numEntries: 1

  real    0m20.899s
  user    0m0.020s
  sys     0m0.000s

One difference I _do_ notice is that if I use ldd on the ldapsearch
binaries, the 2.0.7 binary has libssl and libcrypto 0.9.6 linked, while
the 1.2.11 binary just has normal libcrypt.  I don't know if this could
make a difference; if that's the problem what should I do to resolve it?


 Paul D. Smith <psmith@baynetworks.com>    HASMAT--HA Software Methods & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
   These are my opinions---Nortel Networks takes no responsibility for them.