[Samba] Samba 4 LDAP/LDB search speed

Roel van Meer roel at 1afa.com
Fri Oct 3 02:08:56 MDT 2014 

Matthieu Patou writes:

>> We're still just testing things. We now have maybe 10 users in the database,  
>> and nothing special at all, no additional anything.
>> I'm just worried, given the big difference in speed between queries in  
>> OpenLDAP and queries in Samba 4, that the system won't perform very well if  
>> Postfix and Zarafa are going to do a lot of LDAP queries.
>>
> The internal LDAP server is not super tuned right now, we could cache some  
> responses for better performance.

Ok, that would be nice.

>> This is on quite ordinary hardware, with an otherwise idle system. If I  
>> compare it to the values you posted it seems there is a lot of room for  
>> improvement. That is good. Now the challenge is to find where the slowness  
>> occurs. :)

> That's not too much surprising and in the same time that's not that bad.
>
> When you do --cross-ncs you are bypassing a lot of indexing stuff so usually  
> you don't want to do that.

Ok, thanks. I did it because Steve Thompson kindly posted test results, and I  
wanted to match his tests.

What would you say is a good test to do some profiling? Search for a single  
entry (on indexed attributes) many times?

> So if you want to go further we need to understand what is the problem  
> really, one way to do so is to recompile your samba with the developer mode  
> so that we have symbols. Then I would start it with callgrind and then run  
> your test to see what is the hot point, if you can share with me the output  
> of callgrind.

We'll try to set up some proper tests and get back to you.

> Also I would tune a bit your request, your request is using indexes but the  
> first one is quite general so we will end up loading a lot of objects,  
> instead I would do the most restrictive attribute first and so on, it  
> shouldn't be too complicated to patch samba to do so as well.

If I understand you correctly, a search filter like

(&(samaccountname=test)(objectclass=user))

is expected to be faster than

(&(objectclass=user)(samaccountname=test))

is that correct? (Provided both objectclass and the samaccountname are  
indexed, of course.)

Thanks a lot,

Roel

More information about the samba mailing list