We found an odd issue when using LDAP Admin (www.ldapadmin.org
), which by
defaults uses the paged results control (RFC 2696) to limit search results.
This client initially issues an objectclass=* search with one-level scope
to list the first-level objects/trees on the LDAP DIT, which you can then
browse/expand by clicking on them.
On a large db, we noticed this initial search hits the timelimit, even
though the equivalent command line search is instant. I found the
difference is in using the paged result control:
ldapsearch -s one -E \!pr=100 objectclass=\* objectclass => slow
ldapsearch -s one objectclass=\* objectclass => fast
The slapd stats+trace logging of each is in attachment. Notice the large
number of objects being skipped with "scope not okay" in the first, where
this does not happen in the second. This slows down the search, and on a
very large db, makes it exceed the configured 60 seconds timelimit.
A third variant, setting the sizelimit explicitly, avoids the issue:
ldapsearch -s one -E \!pr=100 -z 100 objectclass=\* objectclass => fast
Is this expected behaviour?
geert.hendrickx.be :: geert(a)hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!