Thursday, 26 October 2023

Microsoft Outlook LDAP addressbook bad performance with 389 Directory Server on SuSE SLES 15

After migrating from OpenLDAP to 389 Directory Server, a customer experienced bad performance in the address book connection from Microsoft Outlook. Queries took about 5 - 10 seconds on an LDAP tree containing approx. 5.000 records.

The reason was a missing SUB index on the field displayName.

An investigation of the LDAP log file /var/log/dirsrv/SERVERNAME/access shows the search query that Outlook sends:

(&(mail=*)(|(mail=Pinnau*)(cn=Pinnau*)(sn=Pinnau*)(givenName=Pinnau*)(displayName=Pinnau*)))

Outlook searches for entries which MUST have an email address AND where at least one of the fields mail, cn, sn, givenName or displayName MUST match a "begins with" condition.
This query is fixed and cannot be changed in the Outlook settings.

To get good query performance on the server side, a SUB (substring) index is required for each field.

It turned out that the index for displayName is missing in the default setup of 389 Directory Server.
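One way to find such queries in the access log, as an added example that is not part of the original post: the function below pairs each SRCH line with its RESULT line and prints the searches the server flagged as unindexed. It assumes the access-log layout in which RESULT lines carry notes=U (partially unindexed) or notes=A (fully unindexed); the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list searches that 389 Directory Server marked as unindexed.
# Assumption: a RESULT line carries notes=U (partially unindexed) or notes=A
# (fully unindexed) and shares conn=/op= with the SRCH line holding the filter.

# Constructed sample lines in access-log layout (not from a real server).
sample_log() {
cat <<'EOF'
[26/Oct/2023:10:00:01.000000000 +0200] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(mail=*)(|(mail=Pinnau*)(cn=Pinnau*)(sn=Pinnau*)(givenName=Pinnau*)(displayName=Pinnau*)))" attrs="cn mail"
[26/Oct/2023:10:00:07.000000000 +0200] conn=7 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000100 optime=6.200000 etime=6.200100 notes=U details="Partially Unindexed Filter"
[26/Oct/2023:10:01:00.000000000 +0200] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs=ALL
[26/Oct/2023:10:01:00.000000000 +0200] conn=8 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000100 optime=0.000900 etime=0.001000
EOF
}

# Print "etime notes filter" for every search whose RESULT is flagged U or A.
# Reads the files given as arguments, or standard input if there are none.
unindexed_searches() {
  awk '
    # Text matched by re in the current line, minus "skip" leading characters.
    function grab(re, skip) {
      return match($0, re) ? substr($0, RSTART + skip, RLENGTH - skip) : ""
    }
    / SRCH / {
      key = grab("conn=[0-9]+", 0) " " grab(" op=[0-9]+", 1)
      f = grab("filter=\"[^\"]*\"", 8)
      filter[key] = substr(f, 1, length(f) - 1)   # drop the closing quote
    }
    / RESULT / {
      key = grab("conn=[0-9]+", 0) " " grab(" op=[0-9]+", 1)
      notes = grab("notes=[A-Z,]+", 6)
      if ((key in filter) && notes ~ /[UA]/)
        print grab("etime=[0-9.]+", 6), notes, filter[key]
      delete filter[key]
    }
  ' "$@"
}

# Real use: unindexed_searches /var/log/dirsrv/SERVERNAME/access
sample_log | unindexed_searches
```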

To get an overview of the indexes you can run the db2index command:

sles15:~ # dsctl INSTANCE_NAME stop
sles15:~ # dsctl INSTANCE_NAME db2index userRoot
...
- INFO - bdb_db2index - userroot: Indexing attribute: aci
- INFO - bdb_db2index - userroot: Indexing attribute: cn
- INFO - bdb_db2index - userroot: Indexing entryrdn
- INFO - bdb_db2index - userroot: Indexing attribute: entryusn
- INFO - bdb_db2index - userroot: Indexing attribute: gidnumber
- INFO - bdb_db2index - userroot: Indexing attribute: givenname
...
sles15:~ # dsctl INSTANCE_NAME start

Create an LDIF file to add the missing index:

dn: cn=displayName,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsIndex
cn: displayName
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
nsIndexType: sub
nsIndexType: approx
nsMatchingRule: 1.3.6.1.4.1.42.2.27.9.4.76.1

Use ldapmodify to create the index:

sles15:~ # ldapmodify -a -D "cn=Directory Manager" -W -h localhost -x < index_displayname.ldiff

Then rebuild the indexes:

sles15:~ # dsctl INSTANCE_NAME stop
sles15:~ # dsctl INSTANCE_NAME db2index userRoot
...
- INFO - bdb_db2index - userroot: Indexing attribute: aci
- INFO - bdb_db2index - userroot: Indexing attribute: cn
- INFO - bdb_db2index - userroot: Indexing attribute: displayname
- INFO - bdb_db2index - userroot: Indexing entryrdn
- INFO - bdb_db2index - userroot: Indexing attribute: entryusn
- INFO - bdb_db2index - userroot: Indexing attribute: gidnumber
- INFO - bdb_db2index - userroot: Indexing attribute: givenname
...
sles15:~ # dsctl INSTANCE_NAME start

The newly created index for displayName must appear in the output of db2index. The Outlook address book should speed up and give results in less than 1 second.