Hi members, I'm running openLdap 2.3.43 on CentOS 5.3. At the moment queries that return one entry of 20 take between 300ms and 600ms. The objectClass of the objects I query has no influence. The acl rules that allow users to write have also no significant influence on query speed. If I add
index telephoneNumber eq
to my slapd.conf, queries with (telephoneNumber=123) are very fast but return zero results although they should return one.
Any ideas? I'm running out of ideas (Maybe because I'm new to LDAP :) )
Thanks in advance
Jan
--------------------------------------------------------------------------------
Here is my slapd.conf
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
loglevel acl
database bdb suffix "dc=myDomain" rootdn "cn=admin,dc=myDomain" rootpw {SSHA}basdfasdfasdfasdfv
directory /var/lib/ldap
# Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=myDomain" write by anonymous auth by self write by * none
access to dn.base="" by users read by dn="cn=admin,dc=myDomain" write
access to dn.exact="dc=myDomain" by * read
access to dn.exact="ou=users,dc=myDomain" by * read
access to dn.sub="ou=users,dc=myDomain" filter=(objectclass=person) by set="user & ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by self read
access to dn.sub="ou=roles,ou=users,dc=myDomain" by set="user & ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
access to dn.sub="ou=configs,dc=myDomain" by * read
access to dn.sub="ou=contacts,dc=myDomain" by set="user & ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
access to dn.sub="ou=roleRights,dc=myDomain" by set="user & ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
--------------------------------------------------------------------------------- And also DB_CONFIG
set_cachesize 0 20097152 0 set_lk_max_objects 1500 set_lk_max_locks 1500 set_lk_max_lockers 1500
On 20/11/2009 16:12, Jan Fricke wrote:
Hi members, I'm running openLdap 2.3.43 on CentOS 5.3. At the moment queries that return one entry of 20 take between 300ms and 600ms. The objectClass of the objects I query has no influence. The acl rules that allow users to write have also no significant influence on query speed. If I add
index telephoneNumber eq
to my slapd.conf, queries with (telephoneNumber=123) are very fast but return zero results although they should return one.
Any ideas? I'm running out of ideas (Maybe because I'm new to LDAP :) )
After adding an index to slapd.conf, you need to stop the LDAP server, run slapindex, and start the server again, in order to build the index file.
Presumably running slapindex will speed up all your searches on indexes attributes.
Thanks in advance
Jan
Here is my slapd.conf
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
loglevel acl
database bdb suffix "dc=myDomain" rootdn "cn=admin,dc=myDomain" rootpw {SSHA}basdfasdfasdfasdfv
directory /var/lib/ldap
# Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=myDomain" write by anonymous auth by self write by * none
access to dn.base="" by users read by dn="cn=admin,dc=myDomain" write
access to dn.exact="dc=myDomain" by * read
access to dn.exact="ou=users,dc=myDomain" by * read
access to dn.sub="ou=users,dc=myDomain" filter=(objectclass=person) by set="user& ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by self read
access to dn.sub="ou=roles,ou=users,dc=myDomain" by set="user& ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
access to dn.sub="ou=configs,dc=myDomain" by * read
access to dn.sub="ou=contacts,dc=myDomain" by set="user& ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
access to dn.sub="ou=roleRights,dc=myDomain" by set="user& ([cn=UserManagement,ou=roleRights,dc=myDomain]/member*)" write by * read
And also DB_CONFIG
set_cachesize 0 20097152 0 set_lk_max_objects 1500 set_lk_max_locks 1500 set_lk_max_lockers 1500
openldap-technical@openldap.org
-
Jan Fricke -
Jonathan Clarke