[Samba] Samba 4 LDAP/LDB search speed

Matthieu Patou mat at samba.org
Fri Oct 3 14:29:05 MDT 2014 

On 10/03/2014 01:08 AM, Roel van Meer wrote:
> Matthieu Patou writes:
>
>>> We're still just testing things. We now have maybe 10 users in the 
>>> database, and nothing special at all, no additional anything.
>>> I'm just worried, given the big difference in speed between queries 
>>> in OpenLDAP and queries in Samba 4, that the system won't perform 
>>> very well if Postfix and Zarafa are going to do a lot of LDAP queries.
>>>
>> The internal LDAP server is not super tuned right now, we could cache 
>> some responses for better performance.
>
> Ok, that would be nice.
>
>>> This is on quite ordinary hardware, with an otherwise idle system. 
>>> If I compare it to the values you posted it seems there is a lot of 
>>> room for improvement. That is good. Now the challenge is to find 
>>> where the slowness occurs. :)
>
>> That's not too much surprising and in the same time that's not that bad.
>>
>> When you do --cross-ncs you are bypassing a lot of indexing stuff so 
>> usually you don't want to do that.
>
> Ok, thanks. I did it because Steve Thompson kindly posted test 
> results, and I wanted to match his tests.
>
> What would you say is a good test to do some profiling? Search for a 
> single entry (on indexed attributes) many times?
>
>> So if you want to go further we need to understand what is the 
>> problem really, one way to do so is to recompile your samba with the 
>> developer mode so that we have symbols. Then I would start it with 
>> callgrind and then run your test to see what is the hot point, if you 
>> can share with me the output of callgrind.
>
> We'll try to set up some proper tests and get back to you.
>
>> Also I would tune a bit your request, your request is using indexes 
>> but the first one is quite general so we will end up loading a lot of 
>> objects, instead I would do the most restrictive attribute first and 
>> so on, it shouldn't be too complicated to patch samba to do so as well.
>
> If I understand you correctly, a search filter like
>
> (&(samaccountname=test)(objectclass=user))
>
> is expected to be faster than
>
> (&(objectclass=user)(samaccountname=test))
>
> is that correct? (Provided both objectclass and the samaccountname are 
> indexed, of course.)
>
Indeed, just because the way the indexing works in LDB, I think that if 
an index returns a few entries we stop looking for more indexes as it 
will prove not to be very helpful. Instead it's faster to load the 
records and check that they match the search critieria.

Matthieu.
>


-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba mailing list