Highlighted
Robert_W_Brandt Absent Member.
Absent Member.
2504 views

Slow LDAP responses but only for some users

So I have a a strange problem. If I run a ldap search using the filter:
(&(objectClass=someObject)(mail=*)(someAttribute=1)(member=cn\3Dme\2Cou\3DIT\2Co\3Dcompany))

I get a very quick response, but if I run the same filter with a minor change:
(&(objectClass=someObject)(mail=*)(someAttribute=1)(member=cn\3Dtestuser\2Cou\3DTest\2Co\3Dcompany))

It takes up to 4 seconds to respond?

This might not seem like a long time, but with multiple queries, the end application slows down to a crawl.

The only difference between the two queries is the container the "member" is in??

Thanks
Bob
Labels (2)
Tags (3)
0 Likes
11 Replies
Micro Focus Expert
Micro Focus Expert

Re: Slow LDAP responses but only for some users

Hi Bob,

Um... basic question... partitioning and replica placement..... does the server in question have a replica containing the "slow" container?

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Robert_W_Brandt Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

Sorry should have stated that the server in question has a r/w replica of every partition.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Slow LDAP responses but only for some users

Hi,

No problem - sorry for asking such a basic question! Sometimes that where we find the answers.

Good luck further.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
peterkuo Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

Is the member attribute indexed?

-- eDirectory Rules! Peter www.DreamLAN.com
0 Likes
Robert_W_Brandt Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

peterkuo;2292960 wrote:
Is the member attribute indexed?


One of the first things I checked. 🙂

The member attribute is indexed by default by the system.

I added a member indexing just for presence and also added an index for the someAttribute attribute. Neither action made a difference.
0 Likes
peterkuo Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

Is any of the group a dynamic group?

-- eDirectory Rules! Peter www.DreamLAN.com
0 Likes
peterkuo Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

BTW, have you looked at the ldap trace for both instances?

-- eDirectory Rules! Peter www.DreamLAN.com
0 Likes
Robert_W_Brandt Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

No apologies necessary! You're right, most problems have simple solutions that just need another perspective to highlight. 🙂

Bob
0 Likes
Robert_W_Brandt Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

peterkuo;2293131 wrote:
Is any of the group a dynamic group?

Yes, there was a dynamic group in the mix. But both were users were members of the same dynamic group.

peterkuo;2293132 wrote:
BTW, have you looked at the ldap trace for both instances?

I didn't do this as I was pointing at the main LDAP server. Any LDAP trace would have been lost in the confusion.

I did point the client machine to a test server which didn't have a partitions or anyone else using it so I could see a trace and I found that the speed difference when away???

The obvious conclusion is that the main server is too busy, but I have duplicated these searches myself through other clients and I can't duplicate the results. All in all this is very confusing!

Debugging on the application side clearly shows how long each ldap query takes for each user. But I can't replicate the problem using a different client. Also if I point the application to another server (which doesn't have a replica of the partition and should be slower) the problem goes away??

Bob
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Slow LDAP responses but only for some users

Hi Bob,

Just a thought... on the server that is slow, if you go into iMonitor | Agent Configuration | Database Cache - what % of your requests are being served from cache?

I don't know enough about your setup and how big your eDir databases are, but it could be that there is not enough memory for eDir caching on the server if left at default settings.

Servers without replicas will create External References for each object looked up against that server. This information is cached directly on the server and that could be the reason why your test server is quick.

Anyways - as I said, this is just a thought!

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
peterkuo Absent Member.
Absent Member.

Re: Slow LDAP responses but only for some users

Just for clarification, when you say "client," do you mean different software, such as ldapsearch or an LDAP Editor, or do you mean different DN that you were searching against?

-- eDirectory Rules! Peter www.DreamLAN.com
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.