[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: open LDAP query slow for 5k users only (each having 40 entries)

Adam Tauno Williams wrote:
I am using open ldap 2.0.23 server from last 3 years on my linux server 
(Pentium(R) 4 CPU 2.80GHz) or storing and retriving user profiles. It 
works fine for arround 100 to 200 user profiles. Once number of entries 
increase to 5 k, It took arround 1.5 second to add one users in ldap. I 
was surprise to see that once i added arround 5000 profiles in system 
searching of a profile started taking .15 seconds. This time does not 
include TCP connect time as my C client opens a connection at startup.

Well... dude, you need some indexes!  

And not just on "objectclass"

And 2.0.23 is really really old, current is 2.2.19.  Let me tell you
from my own experience that the move from 2.0 -> 2.1 -> 2.2 each yielded
very serious performance improvements.

And don't slapindex; slapcat & slapadd.
Thanks a ton Adam for your reply.
I will surelly move to newer version ASAP.
I have few more question, if u could help me out.

Issue 1 => do ldap search uses indexs even when filter is not specified ?
say i want to search all entries (filter null) under dn,
Can it help if i create index on objectclass etc.
When i created index on objectClass my search started taking 25% extra time(.2 to .25 seconds.). Then i indexed both pid (mainly used attribute in all entry) and objectclass it started taking even more time. slapindex should help as i change my slapd.conf with index ?? Why i need to use slapdadd as entries are already present.

Issue 2 =>
I have many attributes which can be taken as integers like registration time
on server, max simultanous connection reguired.  Currently i have to SUP all my attributes with name object.
    attributetype ( 10.1.1 NAME 'regTime' SUP name SINGLE-VALUE )
Can i use any integer object class ?
if yes then how much it will help to have integer instead of strings/names ?
How do i get this interger values in my C client ?

Issue 3 => length of dn, attribute and object class name etc.
Does it help ldap to search if my dn length is smaller.
Say if i want a tree level (sub) search on base dn
There are arround 5 k dn in the same level with same kind of naming style. Does it help searching ldap if i rename it to

Issue 4 => memory sizes ??
cachesize 10000
dbcachesize 1000000
Are both the sizes in kb ? what is optimal limit ?
which variable i need to tune to say cache all 10 k profiles dn in the memory and not the attributes/values ? I can see this memory is not used at startup from the ldap. it use as and when needed, in my case afterwards it started
swapping on my machine. Can i configure to take all memory at startup ?


Vishal Mathur
Manager - Applications Group
Netyantra India Pvt. Ltd.
3rd Floor, Jaysynth Center, Plot No. 6,
Sector 24, Turbhe, Mumbai - 400 705
Phone: 91 22 27832547/9

Disclaimer -
If you are not the intended recipient of this transmission to whom it is
addressed, or have received this transmission in error, you are hereby
notified that any dissemination, distribution or copying of this transmission
is strictly prohibited. Please notify us immediately and delete this e-mail
from your system. The sender does not accept liability for any errors or
omissions in the contents of this message which arise as a result of e-mail
transmission, which cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, arrive at wrong address or contain viruses. If verification
is required please request a hard-copy version.  This e-mail contains only the
personal opinions of the sender and does not represent an official
communication from NetYantra of any manner.