Unindexed searches can be seen in the directory server access log. The unindexed search indicator, notes=U, indicates that the search performed was unindexed, which means that the database itself had to be directly searched instead of the index file. Unindexed searches occur either when the All IDs Threshold was reached within the index file used for the search, when no index file existed, or when the index file was not configured in the way required by the search. Unindexed searches add a big overhead to the directory server and recurring unindexed searches should not be ignored.
The following command could be used to check for unindexed searches on the directory server:
grep notes=U access
[15/May/2006:15:08:38 +0100] conn=10728 op=7 msgId=8 - RESULT err=0 tag=101 nentries=5 etime=4 notes=U
[15/May/2006:15:08:43 +0100] conn=10728 op=8 msgId=9 - RESULT err=0 tag=101 nentries=3 etime=5 notes=U
[15/May/2006:15:08:48 +0100] conn=10728 op=9 msgId=10 - RESULT err=0 tag=101 nentries=1 etime=4 notes=U
[15/May/2006:15:08:53 +0100] conn=10728 op=10 msgId=11 - RESULT err=0 tag=101 nentries=3 etime=4 notes=U
[15/May/2006:15:08:58 +0100] conn=10728 op=11 msgId=12 - RESULT err=0 tag=101 nentries=0 etime=5 notes=U
[15/May/2006:15:09:03 +0100] conn=10728 op=12 msgId=13 - RESULT err=0 tag=101 nentries=1 etime=4 notes=U
[15/May/2006:15:08:09 +0100] conn=10728 op=13 msgId=14 - RESULT err=0 tag=101 nentries=0 etime=4 notes=U
As is demonstrated above, high etimes usually accompany unindexed searches.
Note: Access logs contain much more information than is outlined here & this is only meant as a quick "how to" for spotting performance issues.
To have your directory server's performance evaluated professionaly contact Horizon.
Q. LDAP - How do I spot unindexed searches and what are they?
Posted by : Dr. Root | 16 May, 2006 | Published in
Q. LDAP - What is etime?
Posted by : Dr. Root | | Published in
etime means Elapsed time, in this case etime=0, indicates the amount of time (in seconds) that it took Directory Server to perform the LDAP operation. An etime value of 0 means that the operation actually took milliseconds to perform.
In general etimes of 0 & 1 are quite common and would indicate correct operation of the directory server. Continuous high etimes would indicate that further investigation is required.
The following command could be used to extract the etime values from a directory server access log:
grep etime access| awk '{print $3, $11}'
conn=12861 etime=0
conn=12861 etime=0
conn=12862 etime=0
conn=12862 etime=0
conn=12862 etime=0
conn=12862 etime=1
As is demonstrated above, this displays the connection numbers & etime values. If you noticed high etime values, you could use the connection number to investigate what operation on the directory took so long and pin-point the reason why.
Q. LDAP - What should I be looking for here?
Posted by : Dr. Root | | Published in
From a performance point of view, you should be looking at etime values and checking for un-indexed searches.
Q. LDAP - Why should i pay attention to my directory server access logs?
Posted by : Dr. Root | | Published in
By examining your directory server access logs you can get an overview as to how the directory server is performing.
By default the directory server's access log is in the following location
//slapd-serverID/logs/access
eg.
/home/drroot/ldap/slapd-ldap01/logs/access
The Directory Server access log contains detailed information about client connections to the directory. A connection is a sequence of requests from the same client with the following structure:
- Connection record that gives the connection index and the IP address of the client
- Bind record
- Bind result record
- Sequence of operation request / operation result pairs of records (or individual records in the case of connection, closed, and abandon records)
- Unbind record
- Closed record
A typical access log entry, with default access logging level, looks like the following:
[15/May/2006:15:08:38 +0100] conn=13404 op=-1 msgId=-1 - fd=70 slot=70 LDAP connection from 127.0.0.1 to 127.0.0.1[15/May/2006:15:08:38 +0100] conn=13404 op=0 msgId=1 - BIND dn="cn=directory manager" method=128 version=3
[15/May/2006:15:08:38 +0100] conn=13404 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[15/May/2006:15:08:38 +0100] conn=13404 op=1 msgId=2 - SRCH base="o=internet" scope=2 filter="(uid=askdrroot)" attrs=ALL
[15/May/2006:15:08:38 +0100] conn=13404 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[15/May/2006:15:08:38 +0100] conn=13404 op=2 msgId=3 - UNBIND
[15/May/2006:15:08:38 +0100] conn=13404 op=2 msgId=-1 - closing - U1
[15/May/2006:15:08:39 +0100] conn=13404 op=-1 msgId=-1 - closed.
Q. I have Solaris 10 on my laptop. How can I set up the wireless network interface and provide an encryption key to allow access to my router?
Posted by : Dr. Root | 02 May, 2006 | Published in
The latest builds of Solaris available through Solaris Express include the wificonfig utility. This is used to configure wireless networking in Solaris. The utility is also available as part of the SUNWwlanu package from the opensolaris.org site.
The wificonfig man page can be viewed at:
http://www.opensolaris.org/os/community/laptop/wireless/wificonfig
The wificonfig man page can be viewed at:
http://www.opensolaris.org/os/community/laptop/wireless/wificonfig
Subscribe to:
Posts (Atom)
