Quanah,

                Thanks for the response!  I added ObjectClass eq and changed Attr to Attr eq (removed pres) and my search time is 10000 faster!  Etime is now 0.00066

 

Thanks!

 

Bradley Gill

 

From: Quanah Gibson-Mount <quanah@fast-mail.org>
Sent: Tuesday, April 11, 2023 5:05 PM
To: Bradley T Gill <bgill@aep.com>; openldap-technical@openldap.org
Subject: [EXTERNAL] Re: Slow Search?

 

--On Tuesday, April 11, 2023 3:56 PM +0000 Bradley T Gill <bgill@aep.com> 

wrote:

> 

> 

> I have an  ou with 3.2M users.  Doing a simple search of 1 attribute with

> a scope of 1 and a base of that flat ou is taking 6.2 Seconds.   In a

> replica database, I have attempted to remove all other indexes but the

> attribute I am searching for and it still is taking over 6 seconds.  Is

> that to be expected?

> 

> 

> 

> Apr 11 10:37:49 slapd[25081]: conn=1000 op=20 SRCH base="ou=FlatOU"

> scope=1 deref=3 filter="(attr=login102)"

> 

> Apr 11 10:37:49 slapd[25081]: conn=1000 op=20 SRCH attr=objectClass

> 

> Apr 11 10:37:55 slapd[25081]: conn=1000 op=20 SEARCH RESULT tag=101 err=0

> qtime=0.000025 etime=6.267130 nentries=1 text=

That shows 6 seconds to return a single entry.  Most likely this was after 

slapd was freshly started and the database not yet in memory.  That's not a 

valid way to measure the response time.

After you start slapd, you'll want to do a query across the entire DIT to 

ensure it's loaded, and *then* start testing how long it takes to get a 

response.

Also, I suggest 1.1 instead of "objectClass", i.e. something like:

ldapsearch ... -b "root of DIT" -s sub "(objectClass=*)" 1.1

I'd also note it is mandatory to index objectClass eq, so if you haven't 

done that you've failed the first operational requirement.  I'd also note 

that "pres" indices are almost always not desired, see the current 

documentation for a discussion on it.  Additionally, you've failed to note 

what version of OpenLDAP you're using.

--Quanah