On Fri, 2017-02-17 at 00:54 +0000, Winstanley, Anthony wrote: > Hi, > I'm hoping somebody can tell me where I might look to find why this is happening... > We're running 389-Directory/1.2.11.15 B2014.300.2010 > > I have two ldapsearch queries that only vary in searchbase, one which is taking too long. (Times don't vary much with consecutive executions.) > ou=PEOPLE has just under 700,000 entries. Search takes 0-3 seconds. > ou=STUDENTS,ou=RECORDS has just under 6000 entries. Search takes 123-126 seconds. > There are no attributes used in ou=STUDENTS,ou=RECORDS that aren't also used in ou=PEOPLE. Both of those queries are notes=A. This means they are fully unindexed! Please add indexes for the filter used in the search terms, then run db2index to make sure they are updated and inplace. That will probably help you a lot .... > > Two sample executions and log output: > > > [user@workstation ~]$ ldapsearch -x -LLL -H ldaps://ldap.example.com:636 -b ou=STUDENTS,ou=RECORDS,dc=example,dc=com -D cn=Directory\ Manager -w password -s one -z 5 'cn=*' dn > > ... 5 entries returned ... > > [user@workstation ~]$ > > [root@server slapd-ldap1]# grep conn=33505 access > > [16/Feb/2017:16:31:37] conn=33505 fd=96 slot=96 SSL connection from IP1 to IP2 > > [16/Feb/2017:16:31:37] conn=33505 SSL 256-bit AES > > [16/Feb/2017:16:31:37] conn=33505 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > > [16/Feb/2017:16:31:37] conn=33505 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > > [16/Feb/2017:16:31:37] conn=33505 op=1 SRCH base="ou=STUDENTS,ou=RECORDS,dc=example,dc=com" scope=1 filter="(cn=*)" attrs="distinguishedName" > > [16/Feb/2017:16:33:40] conn=33505 op=1 RESULT err=4 tag=101 nentries=5 etime=123 notes=A > > [16/Feb/2017:16:33:40] conn=33505 op=2 UNBIND > > [16/Feb/2017:16:33:40] conn=33505 op=2 fd=96 closed - U1 > > [root@server slapd-ldap1]# > > > > > > [user@workstation ~]$ ldapsearch -x -LLL -H ldaps://ldap.example.ca:636 -b ou=PEOPLE,dc=example,dc=com -D cn=Directory\ Manager -w password -s one -z 5 'cn=*' dn > > ... 5 entries returned ... > > [user@workstation ~]$ > > [root@server slapd-ldap1]# grep conn=33578 access > > [16/Feb/2017:16:38:43] conn=33578 fd=96 slot=96 SSL connection from 142.103.30.27 to 10.7.128.16 > > [16/Feb/2017:16:38:44] conn=33578 SSL 256-bit AES > > [16/Feb/2017:16:38:44] conn=33578 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > > [16/Feb/2017:16:38:44] conn=33578 op=0 RESULT err=0 tag=97 nentries=0 etime=1 dn="cn=directory manager" > > [16/Feb/2017:16:38:44] conn=33578 op=1 SRCH base="ou=PEOPLE,dc=example,dc=com" scope=1 filter="(cn=*)" attrs="distinguishedName" > > [16/Feb/2017:16:38:44] conn=33578 op=1 RESULT err=4 tag=101 nentries=5 etime=0 notes=A > > [16/Feb/2017:16:38:44] conn=33578 op=2 UNBIND > > [16/Feb/2017:16:38:44] conn=33578 op=2 fd=96 closed - U1 > > [root@server slapd-ldap1]# > > > Help? This is driving me nuts... Where can I look to find out why this might be happening? > > Thanks, > Anthony > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
