Hi, didn't realize you responded to the other questions I had. Responses below. Thanks.
Regards, Carlo Accorsi -----Original Message----- From: Emmanuel Lécharny [mailto:elecha...@gmail.com] Sent: Wednesday, April 11, 2012 10:47 AM To: users@directory.apache.org Subject: Re: Plea for help with search performance Le 4/11/12 4:31 PM, carlo.acco...@ibs-ag.com a écrit : > Hi, we have a project has 80,000 users in one OU. This is a requirement. Hmm, you mean 80 000 entries under ou=something, I guess ? Like : cn=user1, ou=something cn=user2, ou=something ... cn=user80000, ou=something ? > > With guidance from this group, I've tried dozens of combinations of > indexing attributes, setting their cache sizes, increasing the partition > caches, timeout settings, etc. > > We're using the 64 bit java service wrapper and have given the JVM 5GB of > memory. > Despite this, we still have 20+ second response times when searching on > displayName and employeeNumber . > This is consistent with multiple ldap clients. That's not normal. It should be immediate. Can you tell us what kind of request you send to the server ? CA- Logins: Admin bind, search for user's DN, then rebind with user DN and user pass Name pickers: Admin Bind, search like (displayName=Smith*) Here is how I setup my connection. this.strBaseLdapUrl="ldap://"+this.strHostname+":"+Integer.toString(this.intPort); // ... LdapContext ctx = null; Hashtable<String,Object> env=new Hashtable<String,Object>(); env.put(Context.INITIAL_CONTEXT_ "com.sun.jndi.ldap.LdapCtxFactory"); env.put("java.naming.ldap.version","3"); env.put(Context.PROVIDER_URL,this.strBaseLdapUrl); try{ ctx = new InitialLdapContext(env,null); }.. Then for the search.. SearchControls srcCtrl = new SearchControls(); srcCtrl.setSearchScope(SearchControls.SUBTREE_SCOPE); srcCtrl.setCountLimit(intResultCount); srcCtrl.setTimeLimit(this.intTimeLimit); List<NamingEnumeration> lstNames= new ArrayList<NamingEnumeration>(); List<String> lstBases= new ArrayList<String>(); String strNameFilter= "(employeeNumber=" + strName + ")"; //System.out.println(strNameFilter); // if subtree is empty search internal and external String strSubtree = DirectoryAdapterMap.getSuffixByType(intType); String[] arrBases; if (DirectoryAdapterMap.isNullOrEmpty(strSubtree)){ // search both. arrBases = new String[]{strInternalBase,strExternalBase}; } else { arrBases = new String[]{strSubtree}; } for (String strBase:arrBases) { // for all base DN's, but often there's only one neDns=this.daLdapCtx.search(strBase,strNameFilter,srcCtrl); // <-- search here. if ((neDns!=null)&&(neDns.hasMore())){ lstNames.add(neDns); lstBases.add(strBase); } } //check for a result, then //RDN = (uid=123456789) SearchResult srchResult = (SearchResult)lstNames.get(0).next(); strResultDn = getDn(srchResult,lstBases.get(0)); // this assembles the DN from the RDN private String getDn(SearchResult si, String strTree) throws DirectoryAdapterException { String strDn = ""; if (si.isRelative()){ //no method si.getFullName()?? strDn = si.getName() + (strTree.trim().length() > 0 ? "," + strTree : ""); } else { strDn = si.getName(); } return strDn; } Also what kind of network configuration are you going through (firewall, etc). It would be interesting to see if you get the same 'level' of (un)performance if you do the search on the server. CA - Hosts all on same subnet, no firewalls. No real difference if I perform the search localhost or on remote host on same net. > > Every time we've made configuration or index changes, it's been to a clean > empty system and then we load our LDIF file with the 80k users. > > You've all been very helpful to us but we're backed into wall with this. > The response times are unacceptable and we don't know what else we can do. Yeah, I understand. It's definitively not acceptable, and we never had such performances on our tests, even with 5 000 000 entries under one single branch. CA - WOW, ok I am doing something wrong. > > Could someone provide us with an idea of how to configure the system > to get the best performance when searching for displayName and > employeeNumber? The displayName lengths are up to 80 characters, the > employeeNumber is 25. The best thing is certainly to index those two attributes. You might also face a bug. Which version of the server are you using ? CA - For unit testing, we've largely been working off the trunk. For this server, we decided to install 2.0.0-M6 so that I would have a known packaged release in our production server. The only modifications have been the 64bit wrapper.exe, wrapper.dll and wrapper.jar. Thanks ! -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
