My very first guess is that OpenLDAP does access checking for every entry and attribute that matches your filter criteria. rootDN is probably checked first and fastest...
>>> "Jancewicz, Russell" <[email protected]> wrote on 06.11.2013 at 19:48 in message <[email protected]>:
> Hello,
>
> I am experiencing a bit of an issue with mdb network traffic.
> When I request large queries (entire subtrees) from remote hosts my searches
> take hundreds of times longer to complete than they do if I search on the
> local machine (in all except for one case).
>
> I have attempted to tune the kernel network settings, adjusted tx buffer
> sizes all to no avail.
>
> Just before turning to this list I gave one last shot in the dark attempt
> running my query using the rootDN. This produced the expected results.
>
> When queried with a typical account DN my system was transmitting around
> 2.0Mbps to the remote client.
> When queried with the rootDN my system was transmitting around 100Mbps to
> the client.
>
> The system has an olcLimits rule allowing unlimited time and size to the
> account "typical account" I was testing with.
> ' olcLimits: dn.children="ou=accounts,dc=example,dc=com" time=unlimited
> size=unlimited '
>
> Clearly the server is capable of serving data to the remote machine at
> 100Mbps (given that the rootDN has done so)
>
> I cannot for the life of me find a configuration option or setting that would
> be impacting the transmission bandwidth of searches.
> Any help or advice of where I should be looking would be greatly
> appreciated.
> I have included the relevant cn=config information below.
>
> Thank you,
> -Russell J. Jancewicz
> University of Connecticut
>
> OpenLDAP: slapd 2.4.36 (Sep 19 2013 11:16:48) $
>
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: mdb
> olcDbDirectory: /srv/ldap/example.com
> olcSuffix: dc=example,dc=com
> # ... olcAccess
> olcLimits: {0}dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" time=unlimited size=unlimited
> olcLimits: {1}dn.children="ou=accounts,dc=example,dc=com" time=unlimited size=unlimited
> olcRootDN: cn=root,dc=example,dc=com
> olcDbCheckpoint: 512 30
> olcDbNoSync: FALSE
> olcDbMaxSize: 8589934592
