UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Absent Member.
Absent Member.
4234 views

LDAP search on a custom attribute

Hi,
I added an auxiliairy class with some custom attributes, and all our students (about 10000 accounts) have these attributes. We have an application that searches LDAP on one of these custom attributes and in many cases it takes over 2 minutes for the answer.

I have read How to Supercharge LDAP Searches with NDS eDirectory Indexes and used the Index tab for the LDAP server's object to create an index on this attribute (done yesterday) but it does not help.

Any ideas?
Labels (1)
0 Likes
9 Replies
Absent Member.
Absent Member.

Hi,

On 08/24/11 15:16, lem9 wrote:

> I added an auxiliairy class with some custom attributes, and all our
> students (about 10000 accounts) have these attributes. We have an
> application that searches LDAP on one of these custom attributes and in
> many cases it takes over 2 minutes for the answer.
>
> I have read 'How to Supercharge LDAP Searches with NDS eDirectory
> Indexes'
> (http://support.novell.com/techcenter/articles/ana20000705.html) and
> used the Index tab for the LDAP server's object to create an index on
> this attribute (done yesterday) but it does not help.


Did your application query the server on which you created the new indexes?

Peter
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And how does your application query those attributes? Also, was your
index a 'Value' index or something else? Having the LDAP filter's
output from dstrace would be interesting to see the query query
happening after enabling all of the Screen/Trace options on the
appropriate LDAP Server object.

Good luck.


- --
Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOVQsZAAoJEF+XTK08PnB5JcAQAI9bqTzEjVKLB98pAtJaIZvA
91eTjU/E3A7oXYbVXu5XPl7WqrTspTIwMrn51S/15tmRNHRgWQsWwaXSwbhwuSMr
MdQ0iEJCeoqJrnSbkOMD97jodZ69r/1iasfBOOLG+VcqOLbY1MWii3xu7Ql/c2JM
L0aY0H7Y4Cc5Hgt3tTCtZLImX5/9wOA7hnS7sde+hLC3dfBYOypa2Oyqv2zmTmIk
SDFi0FhzffzA1RiJndtl7DKTn8hQb3vmyQs8ThFqIHrlhQOzYnLT8dB7ZifaY8kU
axoPUHTLNlamZ1gie/U71pVxxdp4usk/VLcGzan5CLgZ8Z69/3GgoIr5dE+9dBoi
/OzshjID64k46R1OddPapK9vHuZVcGuF7mdqYC3PY+5C4VFNL7G3Znm1XHW8eiJW
bEmDMepXxxIqAR+5pt22Ru/Fxt3l6grZqaV5d9O9ScL06kpiwfNmneXajYmssQQr
/odJwZZPtMVGuwi8EiyUIcxcEpI9yFN8vlmttyifu0GKGCtbECjEJjh6+8qXM1Q+
CxQUvJJ82JMhVCMy24gCk8G8tZJOXiClu6ZUZCQq3i+eXfm1jIZ0iSFol8PScAvp
LqFtkMTD+Kf33MsWDXCMhG85vWmfZMcIyymIJAZJs1JsGYlpsDju/xsbQX16N7w+
JAn5k53UPP1UZKYu6Uuk
=kCPG
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

Yes, it's the same server.
0 Likes
Absent Member.
Absent Member.

Hi,
here is what Wireshark shows for one query (on port 389):

LDAPMessage searchRequest(2) "o=college" wholeSubtree
messageID: 2
protocolOp: searchRequest(3)
searchRequest
baseObject: o=college
scope: wholeSubtree (2)
derefAliases: derefFindingBaseObj (2)
sizeLimit: 0
timeLimit: 0
typesOnly: false
Filter: (koha-numero-carte=0011021257)
filter: equalityMatch (3)
equalityMatch
attributeDesc: koha-numero-carte
assertionValue: 0011021257
attributes: 0 items


I have defined a "value" index.

About DSTRACE, I tried this:
LOAD DSTRACE
DSTRACE -ALL
DSTRACE +LDAP
DSTRACE +TIME
DSTRACE FILE ON

Is is what you meant?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How many aliases do you have in your tree? Does the server you queried,
which has the index defined, have replicas of the entire tree or does it
need to talk to other servers to find all valid objects?

Good luck.

- --
Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOVTxhAAoJEF+XTK08PnB5PN4P/il3FG2MrmsAUPme7q2VX4Qa
BAwWLslvM2M8GxSzA2g0vAAiTv1licHFCR0xUQ3n/K8WMGslhyD/0Ucg851sPTiK
nlNIk8IH+qnDIDfBbuPMXgddgzFD2secxtnqC1gVoH9+NXg9qCvBZzq5GTBiX91M
StsYRETMnetI7PTQI31D4BUV/pL3H/NTZMiEjSgeDpVVHdly7qyqFY+DLvUi0qPV
+ZHZrQUTDccZWgEnmGscT5ckK25ml5PXqUypwmxfrJ71qH91W+LDTZxqmQhUfV6N
BHo55E/RfWCMBGt7b2TMADyuYphidcHjVfXJS4d9+iuVXnpUoqqAeOXTRoVDKUGN
Ey46vaz1SD/R4l4uzypwwtEKJBLB/w66H1oBlEEWcDsIvL+3Jv3lVTuS+k1XrYQ3
COwqJ9AEYxNJayXrffGotVeSuqohoAv1AXWhlu4izpWbWu2Y1VfcVqAdVARLIu5B
yBtQRIQ/SIZRklgtn+HVZk0e7VPsOANhnKxXCpx2J8PGihrqyDJ6HJvYYRkRVaO5
9tPGoI8rS/0HgyWHQ2nx8AH9Wjy9UARrOoZdF9YulwLTtnZDwbfXUoMoN6TJLC18
UrN89C+qwzpqC1CD/K1it1LSrRoU3B9YJIXfDEq59uyPQS+RRzCciG9uO3YIqJhS
G9H0fjtil04F4zTZc/6t
=ptoZ
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

I have not defined any aliases in the tree, but maybe there are some defined indirectly; how can I verify?

The LDAP server on which I defined an index and which is queried, needs to talk to other servers (it does not have a replica of the partitions where users are defined).
These other servers holding replicas of users partitions are in the same LAN.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oh.... well, if the server doesn't have replicas then it's a terrible
place to point traffic requiring data. Point your LDAP client (whatever
is querying those attributes) to something with replicas, preferably of
the entire tree, and add an index on that box.

An index can only index what is locally available, not what may or may
not exist on other servers. I'd bet that your query hits your server
which then needs to talk to other machines (lacking indexes) over the
wire (slow) for however many servers are required to eventually cover
the entire tree. All in all, a recipe for slowness.

Good luck.



- --
Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOVURWAAoJEF+XTK08PnB5yYAP/AjYfea2DIlBFOuC3RuJjMhM
df1cMNX09APTKsCVrKtOpBpoZ8xp02mkW/5m4iPWWfcJ0B5KfaOCEkgcumLXEbZr
Luq5BuvYQxLpa35MzxEzumLogXsKsozUQIirDz8QkqnFihB8ahJdLp5WoRH8JxWk
I8PP/JXJE3mou3QLu9a17OoDy96gSIPcXyYTrl3Ra5loPsuxntpy+85zyxrt4gS0
5fBSAmRV4+4RTFl6DdBhgRrZdEq+4P9eNxz4iW+3tWHDWrBAlxaQmwUKyUaKQ0xw
Usnuk68sDB4UakX9D77qOJ1J1qM6RUuvbgJNnfACTJRrKETrYPQKyFmQBk4djVwU
7Ged0LL4MT/T6Chd7pK9XSNRMBLhQnbZXvqlqHgeXtNbV/JVIhEMem86jC2n7mXh
eIYfklyVZr31Ux2SPBUnimAQfESC4UwyYR0h/kbWY8+2tMHFNZad4I3jG7lmjML/
HfOgrCyM4kJSR/83ILpNoPTC6XHl3VbH9r5ICq+8K1/NPzgcQ/z5eWpmFXyOUvXA
+6yO9jarICNHQv78J22bldUf+VaFcNuZj2KfGsfk11WAKWc+KmfMMROTp8sgHSjZ
7Gs+8aBDpUTlRdEZJilhW90TX32oFqiyoHpX8mFfyiS0C32uFG39IuhikaTyAYLE
NGOkobN11OPHwM1EXFgr
=Z+z+
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

You have found my problem, thanks!
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On Wed, 24 Aug 2011 18:16:02 +0000, lem9 wrote:

> The LDAP server on which I defined an index and which is queried, needs
> to talk to other servers (it does not have a replica of the partitions
> where users are defined).


Define your index on all servers, then. The local server isn't the one
doing the search, so the index you defined isn't doing any good.

Hint: You can export the index via LDAP, then import it via LDAP using
the other server objects' DNs. That makes setting these up a lot quicker
if you have a lot of servers.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.