slow ldap search with effective rights

Jan Kowalsky jankow at datenkollektiv.net
Thu Jan 15 10:48:18 CET 2015 

Hi Brian,

thanks for answer.

Am 12.01.2015 um 18:35 schrieb Shaw, Brian:>
>
> Jan,
>
>  Do you have any attribute indexes enabled in any of your environments?

No. not yet. It's an default kolab-setup of 389-ds. But what I realized:

if the bind-user resides in the same database as the search base is,
it's much faster:

/usr/lib/mozldap/ldapsearch -x -h ldap -p 389 -b
'ou=Resources,dc=example,dc=com' -D 'uid=registration-service,ou=Special
Users,dc=example,dc=com' -w PASSWD -J
'1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=registration-service,ou=Special
Users,dc=example,dc=com' -s base "(objectclass=*)" "*"

works fine, while


/usr/lib/mozldap/ldapsearch -x -h ldap -p 389 -b
'ou=Resources,dc=example,dc=com' -D 'uid=registration-service,ou=Special
Users,dc=primar-domain,dc=com' -w PASSWD -J
'1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=registration-service,ou=Special
Users,dc=primary-domain,dc=com' -s base "(objectclass=*)" "*"

is very slow.

Well, I'm afraid it will take some time until I get a deep insight into
directory server.

So I found at least a solution. I just added the bind-user in the right
database.

Regards
Jan



> On 2015-01-09 4:03 pm, Jan Kowalsky wrote: 
> 
>> Hi all,
>>
>> maybe some of the ldap experts on the list can help me:
>>
>> I have a query with effective rights from inside an registration form
>> (it's the "hosted-kolab" registration form which ships with kolab).
>>
>> The query is:
>>
>> /usr/lib/mozldap/ldapsearch -x -h ldap.datenkollektiv.net -p 389 -b
>> 'ou=Resources,dc=example,dc=com' -D 'uid=registration-service,ou=Special
>> Users,dc=datenkollektiv,dc=net' -w PASSWD -J
>> '1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=registration-service,ou=Special
>> Users,dc=primary-domain,dc=com' -s base "(objectclass=*)" "*"
>>
>> The Output is:
>>
>> dn: ou=People,dc=example,dc=com
>> objectClass: top
>> objectClass: organizationalunit
>> ou: People
>> entryLevelRights: vad
>> attributeLevelRights: objectClass:rsc, aci:rsc, ou:rsc,
>> businessCategory:rsc,
>> description:rsc, destinationIndicator:rsc,
>> facsimileTelephoneNumber:rsc, int
>> ernationalISDNNumber:rsc, l:rsc, physicalDeliveryOfficeName:rsc,
>> postalAddre
>> ss:rsc, postalCode:rsc, postOfficeBox:rsc, preferredDeliveryMethod:rsc,
>> regi
>> steredAddress:rsc, searchGuide:rsc, seeAlso:rsc, st:rsc, street:rsc,
>> telepho
>> neNumber:rsc, teletexTerminalIdentifier:rsc, telexNumber:rsc,
>> userPassword:r
>> sc, x121Address:rsc
>>
>> This query tooks from one to a couple of seconds with the effect that
>> the webpage frontend with the register form is very slow (there are 14
>> queries like this).
>>
>> On an test-server which is widely configured the same the query is very
>> fast. The same query on my productive server for my primary domain also.
>> It's a small tree with a couple of hundreds entries.
>>
>> Any idea?
>>
>> Thanks and regards
>> Jan
>>
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users [1]
>  
> 
> Links:
> ------
> [1] https://lists.kolab.org/mailman/listinfo/users
> 
> 
> 
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>

More information about the users mailing list