How to improve LDAP search performance

1. Identify the searches that are slow

Sometimes, it's obvious which ones are slow. During the testing phase, you might immediately discover that a particular ldap search takes a long time to complete.

• Always ensure that the server being tested has a copy of every partition in the tree. Retest after adding all of them.
• • If this is not possible, see the section about indexing that covers this scenario.
• If possible, use one level searches instead of subtree ones. They are usually faster.
• Whenever doing a subtree search, avoid using a presence filter, e.g. "cn=*".
• If you have a thousand or more alias objects, avoid alias dereferencing in the search.

• Proper indexing has the biggest impact on performance.
• See Creating, Deleting and Recreating eDirectory Indexes for the procedure to create them.
• Once you've identified the slow searches, examine the search filter and determine if an index needs to be added.
• Here are two examples:
• • A subtree search with this filter, "title=CEO", takes ten seconds.
  • A value index on title should be added.
    
  • A subtree search with this filter, "sn=*smith*", takes fifteen seconds.
  • A substring index on surname should be added.
• Special steps when a "slow" server doesn't hold every replica.
• • If an index is added to this "slow" server, it will have to be added to a number of additonal ones, as well.
  • Identify each partition which the server doesn't hold.
  • Make sure that every other server in those partitions has the same new index as the "slow" one.
  • Example:
  • • Server A doesn't hold the root partition. Servers B, C and D do.
    • You've added a value index to A to improve performance.
    • You must add the same value index to B, C and D.
    • Note: you must add these indexes even if the search doesn't start at the top of the tree.