LDAP Search Speed

[Johan Kotze]

Hi

I need to get a feel for the speed of our Novell LDAP server. A sub-tree
query for the following (&(objectclass=*)(cn=XXXXX)) takes about 15 seconds
to respond. We have 22000 objects in the tree and the server is a dual 2GHz
P4 with 2GB memory. The DIB size is 103MB. The NDS Cache is 430MB for block
and 430MB for entry and the cache hit ration is 99%. If you do a LDAP query
for a single object it is lightning fast (sub second). Only the searches
are taking long - is this normal or is something wrong ?

Thanx

Johan Kotze

[Richard Beels [SysOp]]

if CN is indexed on the server (all of them?) you're hitting with your
LDAP query, then there's not much you can do. I would try hitting some
of the sub-containers and see if the response time correlates to the
numer of users/objects being searched.

Speed can also be affected by what attributes you're returning.

--
Cheers!
Richard Beels
http://www.dsi-consulting.com
Collaboration without complication

[Jeffrey Johnson]

That is way slow---our 82,000 users takes less than a second. does the
server hold local replicas? even then it should not take that long,,,,,do a
dstrace so we can verify the CN index is being used and post it....note if
your ldap is still decoding remove any passwords from the trace.

"Johan Kotze" <kkotze@boebank_.co.za> wrote in message
news:2pRPb.3664$P5....@prv-forum2.provo.novell.com...

[David Gersic]

On Thu, 22 Jan 2004 14:48:30 GMT, Johan Kotze <kkotze@boebank_.co.za> wrote:

>I need to get a feel for the speed of our Novell LDAP server. A sub-tree
>query for the following (&(objectclass=*)(cn=XXXXX)) takes about 15 seconds

A long time ago, a friend pointed out that searches combined like that are
processed sequentially. You're asking for all objects (objectClass=*), then the
subset of all objects than have "CN=xxxxx". In this case, it might be faster to
ask for "CN=xxxxxx", since you don't care what the objectClass is anyway.

I'm not sure if this is still true for current versions, I recall this being
over a year ago, with whatever version(s) were current at the time.

---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.

[Jeffrey Johnson]

I ran into some problems on the edir87 beta where speed would be very
unpredictable if objectclass was in the query and you had not indexed
it(which is the default). Hopefully this guy will post his dstrace and we
can see if it is picking up the CN index.

--
Jeffrey Johnson MCNE, CDE
Georgia State University

"David Gersic" <dgersic_@_niu.edu> wrote in message
news:40158f05...@support-forums.novell.com...

[Richard Beels [SysOp]]

i recall that NOT (!) searches bypassed indexes but your point about
the combo searches is a good one too...

[Johan Kotze]

Hi

What do you want me to trace ? A list of the options to DSTRACE will be
nice :-).

Regards

Johan Kotze

[Jeffrey Johnson]

+LDAP +RECM,,,using the DSTRACE.nlm---not set dstrace...also you need to
make sure you ldap object has all the screen traces on.

--
Jeffrey Johnson MCNE, CDE
Georgia State University

"Johan Kotze" <kkotze@boebank_.co.za> wrote in message

news:hAJRb.1468$Wh....@prv-forum2.provo.novell.com...

[Johan Kotze]

Jeffrey

The trace file is 750KB. Can I send it to you via e-mail. You can contact
me at Johan.Kotze@_santam_._co_._za. Just remove the underscores.

Thanx

Johan Kotze

[Jeffrey Johnson]

I just sent you email,,,run the trace again with the +TIME flag added as
well.

"Johan Kotze" <kkotze@boebank_.co.za> wrote in message

news:7V2Sb.2558$Wh....@prv-forum2.provo.novell.com...