Or should I not care what the answer to that question is and just set nsslapd-idlistscanlimit to a million and be happy?
Hi,
I'm hoping somebody can tell me where I might look to find why this is happening…
We're running 389-Directory/1.2.11.15 B2014.300.2010
I have two ldapsearch queries that only vary in searchbase, one which is taking too long. (Times don't vary much with consecutive executions.)
ou=PEOPLE has just under 700,000 entries. Search takes 0-3 seconds.
ou=STUDENTS,ou=RECORDS has just under 6000 entries. Search takes 123-126 seconds.
There are no attributes used in ou=STUDENTS,ou=RECORDS that aren't also used in ou=PEOPLE.
Two sample executions and log output:
[user@workstation ~]$ ldapsearch -x -LLL -H
ldaps://ldap.example.com:636 -b ou=STUDENTS,ou=RECORDS,dc=example,dc=com -D cn=Directory\ Manager -w password -s one -z 5 'cn=*' dn
… 5 entries returned …
[user@workstation ~]$
[root@server slapd-ldap1]# grep conn=33505 access
[16/Feb/2017:16:31:37] conn=33505 fd=96 slot=96 SSL connection from IP1 to IP2
[16/Feb/2017:16:31:37] conn=33505 SSL 256-bit AES
[16/Feb/2017:16:31:37] conn=33505 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[16/Feb/2017:16:31:37] conn=33505 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[16/Feb/2017:16:31:37] conn=33505 op=1 SRCH base="ou=STUDENTS,ou=RECORDS,dc=example,dc=com" scope=1 filter="(cn=*)" attrs="distinguishedName"
[16/Feb/2017:16:33:40] conn=33505 op=1 RESULT err=4 tag=101 nentries=5 etime=123 notes=A
[16/Feb/2017:16:33:40] conn=33505 op=2 UNBIND
[16/Feb/2017:16:33:40] conn=33505 op=2 fd=96 closed - U1
[root@server slapd-ldap1]#
[user@workstation ~]$ ldapsearch -x -LLL -H
ldaps://ldap.example.ca:636 -b ou=PEOPLE,dc=example,dc=com -D cn=Directory\ Manager -w password -s one -z 5 'cn=*' dn
… 5 entries returned …
[user@workstation ~]$
[root@server slapd-ldap1]# grep conn=33578 access
[16/Feb/2017:16:38:43] conn=33578 fd=96 slot=96 SSL connection from 142.103.30.27 to 10.7.128.16
[16/Feb/2017:16:38:44] conn=33578 SSL 256-bit AES
[16/Feb/2017:16:38:44] conn=33578 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[16/Feb/2017:16:38:44] conn=33578 op=0 RESULT err=0 tag=97 nentries=0 etime=1 dn="cn=directory manager"
[16/Feb/2017:16:38:44] conn=33578 op=1 SRCH base="ou=PEOPLE,dc=example,dc=com" scope=1 filter="(cn=*)" attrs="distinguishedName"
[16/Feb/2017:16:38:44] conn=33578 op=1 RESULT err=4 tag=101 nentries=5 etime=0 notes=A
[16/Feb/2017:16:38:44] conn=33578 op=2 UNBIND
[16/Feb/2017:16:38:44] conn=33578 op=2 fd=96 closed - U1
[root@server slapd-ldap1]#
Help? This is driving me nuts… Where can I look to find out why this might be happening?
Thanks,
Anthony
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx