CODEWITHSUNDEEP
javaperformanceldapjndiopenldap
Mateo
Mateo

Reputation: 75

Java - jndi ldap slow search

We are using javax.naming.ldap.LdapContext to connect and query an openLdap.

The problem is that we are getting com.sun.jndi.ldap.LdapSearchEnumeration as the results, and looping it is really slow, like 5 SearchResult per second.

I also tried with the apache ldap api and im getting the same times, unless i bring less atributes but its still slow. To get 180 results it takes 10 seconds.

Code example of jndi ldap:

       Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://aplivolatil....:389");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=usuarioLector.....");
    env.put(Context.SECURITY_CREDENTIALS, "9IVNOaQmEeE");
    env.put(Context.BATCHSIZE, "1000");
    env.put(Context.REFERRAL, "ignore");
    LdapContext contexto;

    try {
        //contexto = new InitialLdapContext(env, null);
        contexto = new InitialLdapContext(env, null);

        SearchControls controlesBusqueda = new SearchControls();
        String [] attrs = new String [] {"cn"};
        controlesBusqueda.setReturningAttributes(attrs);
        controlesBusqueda.setSearchScope(1);

NamingEnumeration<SearchResult> resultadosObjetos = contexto.search("cn=usuarios-......",
                "(&(objectClass=inetOrgPerson))", controlesBusqueda);


        while (resultadosObjetos.hasMore()) {
            resultadosObjetos.next();
        }

So, after investigation and several tests we found out that putting the jndi ldap environment property "batchsize" to 1000, the same delay goes to the search method instead of when looping the results. Which makes sense in a way that the api was going to ldap on every next() maybe. But why so much delay anyway ?

With rootDN goes super fast, 1 sec, could something be wrong with the user im using for searches ? which obviously is not the rootDN ?

Upvotes: 0

Views: 711

Answers (1)

Francis Bartkowiak
Francis Bartkowiak

Reputation: 1462

Apache has an LDAP API that they're working on. You can check it out here. Unfortunately, the documentation isn't very fleshed out at this point. A good number of pages on the User Guide are empty, but you can fill in the gaps with a little intuition and some help from the JavaDocs.

Even with the lack of good tutorials, I've used this API before and had pretty good luck with it. I'd suggest giving it a try at the very least and see if things improve.

Upvotes: 1

Related Questions