On 4/24/08, Aaron Richton richton@nbcs.rutgers.edu wrote:
On Thu, 24 Apr 2008, Alexandre Biancalana wrote:
# time ldapsearch -D
uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null Enter LDAP Password: 101.71s real 0.59s user 0.11s system
# time ldapsearch -D cn=root,dc=tempopar,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null Enter LDAP Password: 3.13s real 0.53s user 0.08s system
Well, first off, are you always doing user first then root second? Is this reproducible, repeatedly, regardless of direction? (Rule out cache priming.)
[config'd with a lot of]
access to
dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"
This is what I think your real issue is: you have a ton of regex ACLs, and I'm guessing you're linked against an inefficient regex library.
I'm not sure exactly what you're doing, but give some thought to:
access to dn.subtree="ou=Computers,dc=mydomain,dc=com,dc=br"
perhaps?
Hi Aaron !
I change all dn.regex, to dn.subtree and the slowness go away...
Look this:
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul > Thu Apr 24 14:07:00 BRT 2008 Enter LDAP Password: 3.85s real 0.64s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null Thu Apr 24 14:07:08 BRT 2008 Enter LDAP Password: 5.00s real 0.56s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul > Thu Apr 24 14:07:17 BRT 2008 Enter LDAP Password: 6.10s real 0.58s user 0.04s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul > Thu Apr 24 14:07:25 BRT 2008 Enter LDAP Password: 3.25s real 0.57s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul > Thu Apr 24 14:07:30 BRT 2008 Enter LDAP Password: 3.03s real 0.56s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null Thu Apr 24 14:07:35 BRT 2008 Enter LDAP Password: 2.95s real 0.55s user 0.06s system
Thank you for the hint!
Regards, Alexandre