directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Quanah Gibson-Mount <>
Subject Re: Various questions
Date Mon, 05 Jun 2006 07:03:31 GMT

--On Monday, June 05, 2006 8:49 AM +0200 Emmanuel Lecharny 
<> wrote:

> Quanah Gibson-Mount a écrit :
> Hi !
>> Hi,
>> I'm looking at apache DS as compared to OpenLDAP, and have an initial
>> set of questions:
>> (a) is it possible to bulk load an LDIF file while the server is
>> offline? If yes, how?
> Well, no.
>> (b) If I choose to load an LDIF file via the server.xml file, is the
>> beginning and end of the load logged, so that a timing mark can be
>> drawn from it?
> It's better to do it another way. If you wait untl 1.0-RC4, which will be
> out around this week or next week, you will be able to use an
> apacheds-tools to import LDIF files into ADS. FYI, we have done some load
> tests lately, and what I can say is that loading 10 000 entries into
> OpenLdap takes 9 mins, and 1min 40sec on ADS.

I'm curious on how you are setting up OpenLDAP, because I can load a 
400,000 entry LDIF with heavy (90+ attributes) indexing in 14 minutes and 
30 seconds.  My guess is you don't understand how to configure OpenLDAP.

I tried loading a 250,000 (very small) database into Apache DS tonight, and 
it died horribly somewhere between 10k and 11k entries.

ldapadd logged the following error:

adding new entry uid=user.11084,ou=People,dc=example,dc=com
ldap_add: Loop detected
ldap_add: additional info: failed to add entry 

>> (c) How does one tune the underlying database?
> No way to do it right now.
>> (d) Is there any way to tune an entry cache, etc, for Apache DS?
> It's a improvment listed in JIRA : currently, the cache size is fixed
> (bad!), and we want to change that
>> (e) When one specifies an index for an attribute, I see no way to
>> differentiate between equality, substring, presence, etc.  If an
>> attribute is indexed, is it then simply indexed for all possible
>> search methods?
> Hmmm, I have to check. I think it's equality. Presence is not implemented
> atm, AFAIK

What about substring?

>> (f) Are there any other general guidelines for tuning Apache DS?
> Not too much. We are not currently working too much on adding tunning
> tools on the server, because we are working hard to fix some
> functionnalites issues, and also some real serious performance problems
> that kill the server when you have more than, say, 100 entries ;(
> What I may suggest is that you fill JIRA's issues for those point you
> think are lacking in ADS, in order for us to be able to fix those points
> and not forget them (for instance, your index question is important). We
> would be very pleased to ear about any bug, any missing functionnality,
> any performance comparison you can do, this will help us to build a
> better server. And if you have time, well, we also need some help
> improving it, it's doco, it's testcases, and so on :)

I'll note that in my performance test with OpenLDAP, I can achieve nearly 
14,000 authentications/second.  There are two searches per authentication, 
so nearly 28,000 search/second.  The highest number I've seen quoted on 
this list is 780 or so searches/second.  Is there anyone with better 


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key:

View raw message