--On Wednesday, September 1, 2021 2:07 PM +0100 Mark Cairney Mark.Cairney@ed.ac.uk wrote:
Hi,
I've been out the LDAP loop for a bit but the recent discussion of the memberof overlay on 2.5 piqued my curiosity. Having upgraded a Dev box, removed the memberof elements from the database and replaced the memberof overlay with dynlist the queries appear to work as expected but are both a) slow and b) heavily CPU-intensive on the LDAP server.
As an aside, I would note that you appear to be indexing "pres" unnecessarily. Please read https://www.openldap.org/doc/admin25/tuning.html#Presence%20indexing
If the group object is large you may be having slow searches due to indices being collapsed to a range. You would need to run the search with trace logging to determine if that's the case as was recently discussed on the list.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com