On Thu, 24 Apr 2008, Alexandre Biancalana wrote:
# time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Enter LDAP Password:
101.71s real 0.59s user 0.11s system

# time ldapsearch -D cn=root,dc=tempopar,dc=com,dc=br -b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Enter LDAP Password:
3.13s real 0.53s user 0.08s system
Well, first off, are you always doing user first then root second? Is this reproducible, repeatedly, regardless of direction? (Rule out cache priming.)
[config'd with a lot of]
access to dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"
This is what I think your real issue is: you have a ton of regex ACLs, and I'm guessing you're linked against an inefficient regex library.
I'm not sure exactly what you're doing, but give some thought to:
access to dn.subtree="ou=Computers,dc=mydomain,dc=com,dc=br"
perhaps?
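
An added example, not part of the original message and not OpenLDAP code: a small slapd.conf audit that rewrites access targets of exactly the quoted ^(.*,)?<base>$ shape to dn.subtree and flags every other dn.regex target for manual review. The sample config, its "by" clauses and the function names are constructed for illustration.

```python
import re

# Target of the form dn.regex="^(.*,)?<base>$", the shape quoted in the message.
SUBTREE_SHAPED = re.compile(r'^(access\s+to\s+)dn\.regex="\^\(\.\*,\)\?([^"]*)\$"(.*)$')
META = set('.*+?[](){}|^$\\')       # <base> must be a literal DN, not a pattern
BACKREF = re.compile(r'\$[\d{]')    # "by" clauses that expand $1 need the regex kept

def directives(text):
    """Group lines into directives; a line starting with whitespace continues the previous one."""
    block = []
    for line in text.splitlines():
        if block and line[:1].isspace():
            block.append(line)
        else:
            if block:
                yield block
            block = [line]
    if block:
        yield block

def audit(text):
    """Return (rewritten config, [(first line of directive, action), ...])."""
    out, report = [], []
    for block in directives(text):
        first = block[0]
        m = SUBTREE_SHAPED.match(first)
        if m and not META & set(m[2]) and not BACKREF.search("\n".join(block)):
            block[0] = f'{m[1]}dn.subtree="{m[2]}"{m[3]}'
            report.append((first, "rewritten"))
        elif "dn.regex=" in first:
            report.append((first, "manual review"))
        out.extend(block)
    return "\n".join(out), report

# Constructed sample config; the "by" clauses are invented for the example.
SAMPLE = '''\
access to dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"
    by * read
access to dn.regex="^uid=([^,]+),ou=Users,dc=mydomain,dc=com,dc=br$"
    by dn.exact,expand="uid=$1,ou=Users,dc=mydomain,dc=com,dc=br" write
    by * read
'''

if __name__ == "__main__":
    new_config, report = audit(SAMPLE)
    print(new_config)
    for line, action in report:
        print(f"# {action}: {line}")
```

Directives left for manual review keep their original text, so the "by" clauses and their order are never changed by the rewrite.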