nca
I'm querying Active Directory with a simple LDAP query such as:
base: ou=persons,DC=mydir,DC=fr
filter: (myOrganization=ou=2001,ou=organizations,DC=mydir,DC=fr)
returning attributes: cn
Under ou=persons,DC=mydir,DC=fr, there are 62000 entries of the same
objectclass representing a person, having the attribute
myOrganization, which contains the DN of the organization of the
person.
This query returns 116 person entries as result. The problem is that
it takes approximately 10 seconds to answer (this time is the one
given in the LDAP event generated in the event viewer).
The myOrganization attribute is indexed (the box "Index this
attribute" is checked when browsing the Active Directory schema), so I'd
expect this query to answer almost instantaneously.
I have also activated more logs (see thread with subject "logs that
contains LDAP accesses to Active Directory" in this newsgroup, thanks
to Tony Muray for his response) and there is an event saying that the
62000 entries were "visited" and 116 were returned. So it seems that
the index is not used or is useless.
The strange thing is that a similar query with another indexed
attribute of the person class:
(mySite=cn=CRFG,ou=sites,DC=mydir,DC=fr), returns almost
instantaneously 21 entries and there is an event saying that 62
entries were scanned and 21 returned. So in this case the index is
used.
When comparing the two attributes myOrganization and mySite, which are
both indexed, both of type Distinguished Name, the only difference is
that myOrganization is single-valued.
Is there a different behavior between single-valued and multi-valued
attributes?
Are there some server parameters or thresholds that should be modified?
Is there a known bug?
Any help or comment is appreciated.
Nicolas C.