[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Queries very very slow + strange problem with indexes

On 20/11/2009 16:12, Jan Fricke wrote:
Hi members,
I'm running openLdap 2.3.43 on CentOS 5.3.
At the moment queries that return one entry of 20 take between 300ms and
600ms. The objectClass of the objects I query has no influence. The acl
rules that allow users to write have also no significant influence on
query speed. If I add

index telephoneNumber eq

to my slapd.conf, queries with (telephoneNumber=123) are very fast but
return zero results although they should return one.

Any ideas? I'm running out of ideas (Maybe because I'm new to LDAP :) )

After adding an index to slapd.conf, you need to stop the LDAP server, run slapindex, and start the server again, in order to build the index file.

Presumably running slapindex will speed up all your searches on indexes attributes.

Thanks in advance



Here is my slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

loglevel acl

database        bdb
suffix          "dc=myDomain"
rootdn          "cn=admin,dc=myDomain"
rootpw          {SSHA}basdfasdfasdfasdfv

directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

access to attrs=userPassword,shadowLastChange
         by dn="cn=admin,dc=myDomain" write
         by anonymous auth
         by self write
         by * none

access to dn.base=""
         by users read
         by dn="cn=admin,dc=myDomain" write

access to dn.exact="dc=myDomain"
         by * read

access to dn.exact="ou=users,dc=myDomain"
         by * read

access to dn.sub="ou=users,dc=myDomain"
         by set="user&
([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write
         by self read

access to dn.sub="ou=roles,ou=users,dc=myDomain"
         by set="user&
([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write
         by * read

access to dn.sub="ou=configs,dc=myDomain"
         by * read

access to dn.sub="ou=contacts,dc=myDomain"
         by set="user&
([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write
         by * read

access to dn.sub="ou=roleRights,dc=myDomain"
         by set="user&
([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write
         by * read

And also DB_CONFIG

set_cachesize 0 20097152 0
set_lk_max_objects 1500
set_lk_max_locks 1500
set_lk_max_lockers 1500

Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org