--On Tuesday, April 11, 2023 3:56 PM +0000 Bradley T Gill bgill@aep.com wrote:
I have an ou with 3.2M users. Doing a simple search of 1 attribute with a scope of 1 and a base of that flat ou is taking 6.2 Seconds. In a replica database, I have attempted to remove all other indexes but the attribute I am searching for and it still is taking over 6 seconds. Is that to be expected?
Apr 11 10:37:49 slapd[25081]: conn=1000 op=20 SRCH base="ou=FlatOU" scope=1 deref=3 filter="(attr=login102)"
Apr 11 10:37:49 slapd[25081]: conn=1000 op=20 SRCH attr=objectClass
Apr 11 10:37:55 slapd[25081]: conn=1000 op=20 SEARCH RESULT tag=101 err=0 qtime=0.000025 etime=6.267130 nentries=1 text=
That shows 6 seconds to return a single entry. Most likely this was after slapd was freshly started and the database not yet in memory. That's not a valid way to measure the response time.
After you start slapd, you'll want to do a query across the entire DIT to ensure it's loaded, and *then* start testing how long it takes to get a response.
Also, I suggest 1.1 instead of "objectClass", i.e. something like:
ldapsearch ... -b "root of DIT" -s sub "(objectClass=*)" 1.1
I'd also note it is mandatory to index objectClass eq, so if you haven't done that you've failed the first operational requirement. I'd also note that "pres" indices are almost always not desired, see the current documentation for a discussion on it. Additionally, you've failed to note what version of OpenLDAP you're using.
--Quanah