What I've found speeds things up is to also use LDAP_NO_ATTRS ("1.1") inside the attrs argument to ldap_search(3) when you can.
This way less information is returned, and more importantly access control checks on attributes that might've been returned are not run.
You might not get a lot of mileage out of that speedup if you don't have many attribute access checks, but you might save some network overhead, which might matter over an SSL link.
I can't say what percentage gain I've seen, but I think it might've been around 20%.
And if you can do without syslog altogether, you can always run slapd -s 0, that helps a lot.
From: Matthew Schumacher [mailto:firstname.lastname@example.org]
Sent: Thursday, February 07, 2002 3:11 PM
Subject: Re: performance problems
I think I have solved the problem... Hopefully this will help someone
1. First you need to set bigger than default caching sizes in your
2. Index the uidNumber gidNumber, and uid.
3. Set my syslog to not write on every log, but use caching: