[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slow ldapsearch when binddn is not root
On 4/24/08, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> On Thu, 24 Apr 2008, Alexandre Biancalana wrote:
>
>
> > # time ldapsearch -D
> uid=user,ou=Users,dc=mydomain,dc=com,dc=br -b
> > ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
> > Enter LDAP Password:
> > 101.71s real 0.59s user 0.11s system
> >
> > # time ldapsearch -D cn=root,dc=tempopar,dc=com,dc=br -b
> > ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
> > Enter LDAP Password:
> > 3.13s real 0.53s user 0.08s system
> >
>
> Well, first off, are you always doing user first then root second? Is this
> reproducible, repeatedly, regardless of direction? (Rule out cache priming.)
>
>
> [config'd with a lot of]
>
> > access to
> dn.regex="^(.*,)?ou=Computers,dc=mydomain,dc=com,dc=br$"
> >
>
> This is what I think your real issue is: you have a ton of regex ACLs, and
> I'm guessing you're linked against an inefficient regex library.
>
> I'm not sure exactly what you're doing, but give some thought to:
>
> access to
> dn.subtree="ou=Computers,dc=mydomain,dc=com,dc=br"
>
> perhaps?
Hi Aaron !
I change all dn.regex, to dn.subtree and the slowness go away...
Look this:
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:00 BRT 2008
Enter LDAP Password:
3.85s real 0.64s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Thu Apr 24 14:07:08 BRT 2008
Enter LDAP Password:
5.00s real 0.56s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:17 BRT 2008
Enter LDAP Password:
6.10s real 0.58s user 0.04s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:25 BRT 2008
Enter LDAP Password:
3.25s real 0.57s user 0.07s system
# date;time ldapsearch -D uid=user,ou=Users,dc=mydomain,dc=com,dc=br
-b ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/nul >
Thu Apr 24 14:07:30 BRT 2008
Enter LDAP Password:
3.03s real 0.56s user 0.07s system
# date;time ldapsearch -D cn=root,dc=mydomain,dc=com,dc=br -b
ou=Users,dc=mydomain,dc=com,dc=br -W -x > /dev/null
Thu Apr 24 14:07:35 BRT 2008
Enter LDAP Password:
2.95s real 0.55s user 0.06s system
Thank you for the hint!
Regards,
Alexandre