Re: slow ldapsearch when binddn is not root
On 4/24/08, Aaron Richton <richton(a)nbcs.rutgers.edu> wrote:
On Thu, 24 Apr 2008, Alexandre Biancalana wrote:
> # time ldapsearch -D
uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b
> ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
> Enter LDAP Password:
> 101.71s real 0.59s user 0.11s system
>
> # time ldapsearch -D cn=root,dc=tempopar,dc=com,dc=br -b
> ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
> Enter LDAP Password:
> 3.13s real 0.53s user 0.08s system
>
Well, first off, are you always doing user first then root second? Is this
reproducible, repeatedly, regardless of direction? (Rule out cache priming.)
[config'd with a lot of]
> access to
dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"
>
This is what I think your real issue is: you have a ton of regex ACLs, and
I'm guessing you're linked against an inefficient regex library.
I'm not sure exactly what you're doing, but give some thought to:
access to
dn.subtree="ou=Computers,dc=mydomain,dc=com,dc=br"
perhaps?
Hi Aaron !
I change all dn.regex, to dn.subtree and the slowness go away...
Look this:
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:00 BRT 2008
Enter LDAP Password:
3.85s real 0.64s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Thu Apr 24 14:07:08 BRT 2008
Enter LDAP Password:
5.00s real 0.56s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:17 BRT 2008
Enter LDAP Password:
6.10s real 0.58s user 0.04s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:25 BRT 2008
Enter LDAP Password:
3.25s real 0.57s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:30 BRT 2008
Enter LDAP Password:
3.03s real 0.56s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Thu Apr 24 14:07:35 BRT 2008
Enter LDAP Password:
2.95s real 0.55s user 0.06s system
Thank you for the hint!
Regards,
Alexandre