Full_Name: Luca Scamoni Version: 2.4.35 OS: Linux URL: ftp://www.sys-net.it/alias-deref-ITS2.tar.gz Submission from: (NULL) (78.134.117.13) Investigating alias dereferencing slowness on a customer production system I came upon a suspect behaviour with back-hdb/bdb. It seems that slapd, when dereferencing, instead of looking for the exact aliased DN, starts scanning more entries than needed (at least this is what I can tell looking to the logs set to log anything) On the customer system, with over 700,000 entries, the time taken to perform a simple search with alias dereferencing for a single entry, takes as much as performing a full ldapsearch of the entire ldap tree. To reproduce I created a small testcase (that I can't upload because there's no space left on ftp.openldap.org/incoming). The test case contains also the log and the operations performed on test data to show the issue. I tested with openldap 2.4.23, 2.4.31 and 2.4.35. The issue is present in all versions but seems to manifest itself only with back-bdb/hdb. Back-mdb seems not to show the issue (even looking at the logs) but right now, moving to back-mdb is not something the customer is ready to take.