On Wed, Jun 25, 2008 at 09:11:49AM -0700, Howard Chu wrote:
I have a server with 20,000 account entries and one group that has 10,000 members. Deleting members from that group is very slow on OpenLDAP 2.4.10, though adding goes at a reasonable speed.
Try configuring sortvals - see slapd.conf(5).
That helps a lot, thanks. It reduces the delete time to under 0.5s.
Unfortunately it seems to introduce a bug. If I *just* add or delete a value all is OK, but if I delete one value and add another in the same LDAP operation the new value does not get indexed. The value is in the entry, but it cannot be searched for. Further, it cannot be deleted (as it is 'not there') yet it can be added again, leading to multiple identical values in the entry!
This only happens on *large* groups where the value being added would sort to the end of the list of values. I don't know how large the group has to be: 3 is not enough, and 10,000 is. My test case has a group that starts with 10,000 members inserted in numerical order:
dn: uniqueIdentifier=tenK,ou=groups,uniqueIdentifier=o_000000,dc=orgs,dc=dir,dc=example,dc=org objectclass: myGroup uniqueIdentifier: tenK displayName: Managers group tenK description: Sample group of managers member: uniqueIdentifier=a_000000,ou=accounts,uniqueIdentifier=o_000003,dc=orgs,dc=dir,dc=example,dc=org member: uniqueIdentifier=a_000001,ou=accounts,uniqueIdentifier=o_000000,dc=orgs,dc=dir,dc=example,dc=org member: uniqueIdentifier=a_000002,ou=accounts,uniqueIdentifier=o_000004,dc=orgs,dc=dir,dc=example,dc=org member: uniqueIdentifier=a_000003,ou=accounts,uniqueIdentifier=o_000003,dc=orgs,dc=dir,dc=example,dc=org
Deleting an entry from the middle of the list and adding one of the form: uniqueIdentifier=a_999999,ou=accounts,uniqueIdentifier=o_000005,... causes the problem, but if I add one like this it does not: uniqueIdentifier=a_00500Z,ou=accounts,uniqueIdentifier=o_000005,... (that would go near the middle of the list)
Andrew