Hi,
Hallvard B Furuseth wrote:
Andrew Findlay writes:
Retrieving 2M entries in a single operation is going to tax any LDAP server, especially if you do not request paged results. Consider what it must do:
- Make a list of every entry ID
- Retrieve the data for every entry
- Build a message containing 2M entries
- Send the message
No, each entry is sent in a separate message.
I also thought it would send each message separately, because to build a message with 2M entries wouldn't make sense. It would also take much longer to respond. The first entry of the search is returned immediately which indicates that each entry is sent separately.
However OpenLDAP does build a list of all entry IDs to examine and possibly, subject to indexes for the filters. And it must readlock all these entries so that an update operation won't mess things up while it is sending, and so updates will be atomic as seen by the search request.
I don't know what BDB does when there are 2M entries to examine though. Maybe it just gives up and examines all entries, as LDBM did.
The total memory of the server is 4 GB and swap 2 GB. So it will survive even if we pull the entire tree by using ldapsearch. But we would like to put other services as well on the same server which could slow things down if LDAP is already using a lot of memory.
I know doing an ldapsearch "(objectClass=*)" is a bad way to get all entries, but I want to make sure that a bad formatted search can't slow down the entire server by consuming a lot of memory.
Another question why isn't it releasing the used memory after the search finished?
Thanks Thorsten