Folks,

I'm using OpenLDAP under HPUX 11iv3 and am seeing inconsistent query response.

Environment details:
Host:           HP rx6600
Processor:      2 x 2-core IA64
OS:             HPUX 11iv3 March 2008 Data Center Environment
OpenLDAP:       2.4.10

Prerequisite software:
db              4.6.21
gdbm            1.8.3
gettext         0.17
libiconv        1.12
openssl         A.09.08g.001 (HP distribution)
perl            D.5.8.8.B (HP distribution)

Database:
Backend         bdb
DN entries      870
CN entries      7807

DB_CONFIG contents:
set_flags db_auto_commit
set_flags db_log_autoremove
set_lg_dir /var/adm/ldap/dvesv

slapd.conf contents:
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /descl/dvesv2/openldap/etc/qgov.schema

pidfile         /descl/dvesv2/openldap/var/dvesv2-slapd.pid
argsfile        /descl/dvesv2/openldap/var/dvesv2-slapd.args

sizelimit       100000
loglevel        3311
threads         16

database        bdb
lastmod         on

suffix          "o=QLDGOV, c=au"
rootdn          "cn=manager, o=QLDGOV, c=au"
directory       /descl/dvesv2/openldap/bdb
rootpw          secret

index           objectClass,uniqueIdentifier            eq
index           cn,sn,givenName,uid,title,displayName   eq,sub

access to attrs=userPassword
        by * auth
access to dn.regex="(.+,)?ou=users,o=QLDGOV,c=au"
        by * auth
access to dn.subtree="ou=Department of Emergency Services,o=QLDGOV,c=au"
        by anonymous none
        by dn.exact="cn=wl_ph_user,ou=users,o=QLDGOV,c=au" write
        by dn.regex=".+,ou=users,o=QLDGOV,c=au" write


After building the database and starting the daemon, I used the following ldapsearch command to query the database (on the local host, so no remote network connection is involved):

ldapsearch -v -D cn=manager,o=QLDGOV,c=au -x -w secret -H ldap://10.2.84.11:5021 -b o=QLDGOV,c=au -z 0 '(cn=Hall)'

There were 22 responses.

Now:
1) There are no other users operating on the database.
2) The database contents are static (but slapd is not operating in read-only mode).
3) I tested access automatically with a loop of the form

i=1; while (( i <= 10 ))
do timex ldapsearch ... | grep ^real
   let 'i += 1'
   sleep 5
done

(i.e. I used timex(1) to report the real time response).

50.43, 17.41, 41.92, 19.16, 2.46, 27.63, 33.90, 0.15, 13.56, 34.11

Yet, after applying tusc -o /dev/null {slapd_pid}, the retrieval times immediately became

1.18, 0.40, 0.51, 0.40, 0.60, 0.40, 0.40, 0.40, 0.39, 0.38

Not only better, but uniformly better.  Moreover, a similar (but to a lesser degree) effect was seen if I enabled LDAP debugging.

Any ideas on how to resolve this would be much appreciated.

Thanks.



Howard Bryden,
UNIX Administrator,
Qld. Govt. Dept. of Emergency Services,
Tel. 07 3109 5087

----------------------------------------------------------------------------------------------------------
Rocket J. Squirrel: "... we're going to have to think!"
Bullwinkle J. Moose: "There must be an easier way than that."

