Hello,


Any more feedback on this ?

It seems that when there is a query with filter "telephoneNumber" and a search for "cn sn" the search goes faster (no delay between query and answer) :


Sep 22 11:12:41 slap01 slapd[22668]: conn=3580 fd=13 ACCEPT from IP=my.pub.ip..add:54994 (IP=0.0.0.0:389)
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" method=128
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" mech=SIMPLE ssf=0
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=0 RESULT tag=97 err=0 text=
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=1 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&(telephoneNumber=70470470*)(sn=*))"
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=1 SRCH attr=cn sn telephoneNumber
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 op=2 UNBIND
Sep 22 11:12:42 slap01 slapd[22668]: conn=3580 fd=13 closed



So how can I get the same speed (with no delay) when filter is "sn" ?

Thank you.

Jonas.



On 04-09-14 09:10, Jonas Kellens wrote:
Hello list,


I have the following rules in /etc/openldap/slapd.conf for about 250 users (cust1 -> cust250).


This is an extract for user 'cust22' and user 'cust23' :


access to dn.regex="ou=tbook[12345],ou=contacten,ou=cust22,dc=mydomain" attrs=children
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by * none break

access to dn.one="ou=tbook1,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook2,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook2,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook3,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook3,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook4,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook4,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.one="ou=tbook5,ou=contacten,ou=cust22,dc=mydomain"
        by group.exact="cn=admins,ou=cust22,dc=mydomain" write
        by group.exact="cn=tbook5,ou=gebruikers,ou=cust22,dc=mydomain" read

access to dn.regex="ou=tbook[12345],ou=contacten,ou=cust23,dc=mydomain" attrs=children
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by * none break

access to dn.one="ou=tbook1,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook2,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook2,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook3,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook3,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook4,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook4,ou=gebruikers,ou=cust23,dc=mydomain" read

access to dn.one="ou=tbook5,ou=contacten,ou=cust23,dc=mydomain"
        by group.exact="cn=admins,ou=cust23,dc=mydomain" write
        by group.exact="cn=tbook5,ou=gebruikers,ou=cust23,dc=mydomain" read




I notice that there is a huge lack of performance (slow response times) when over about 100 users. There are quite some access rules in slapd.conf at that time.

There is about 8 seconds between query and response :


Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 fd=13 ACCEPT from IP=xx.xx.xx.xx:1046 (IP=0.0.0.0:389)
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" method=128
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 BIND dn="cn=Ucust23,ou=cust23,dc=mydomain" mech=SIMPLE ssf=0
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=1 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&(telephoneNumber=*)(sn=t*))"
Sep  3 14:57:05 slap01 slapd[12908]: conn=1001 op=1 SRCH attr=cn sn telephoneNumber

Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=2 ABANDON msg=2
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 op=3 UNBIND
Sep  3 14:57:13 slap01 slapd[12908]: conn=1001 fd=13 closed




Question : how can I get a better performance ? How can I adapt my access rules for better performance ?


Thanks !


Kind Regards,

Jonas.