DIRECTORY SERVICES


Customizing search processing to improve LDAP service performance
To improve the performance of the LDAP service, you can choose options to customize how the service processes searches. These settings apply to all servers in a domain that run the LDAP service.

"Timeout" and "Maximum number of entries returned"

By default, LDAP service takes as long as necessary to process searches, and returns all entries it finds that match the search criteria. If LDAP service performance is slow, consider using the "Timeout" and "Maximum number of entries returned" fields on the LDAP tab of a domain Configuration Settings document to set limits on the length of searches and the number of entries returned. If the LDAP client that sends a request also specifies limits, whichever setting is lower takes precedence.

"Minimum characters for wildcard search"

Specify the minimum number of characters that users must place before the first wildcard in a search filter when the wildcard is combined with a substring. The default is 1 character. If you increase this value, users must provide more specific substring search filters, and as a result, the LDAP service searches fewer entries and processes the searches more quickly. If LDAP service performance is slow, consider increasing the minimum characters required for wildcard searches to 2.

If a filter begins with a wildcard followed by a substring, the LDAP service removes the initial wildcard (unless "Minimum characters for wildcard search" is set to 0), then uses what remains as the search filter. For example, if the option is set to 2 and a user specifies the filter sn=*br*, the LDAP service uses the filter br* to process the search. However, if a user specifies the filter *b*, the LDAP service rejects the search request because after the first wildcard is removed, b*, which is the remaining search filter, contains only one character before the (now) first wildcard.

Note The "Minimum characters for wildcard search" option doesn't apply to search filters that use only a wildcard as a value, for example, a search filter such as sn=* is always allowed. Because this kind of filter searches only for the presence of an attribute, not for an attribute value, it does not have the search performance implications associated with wildcards in substring searches. To control the number of entries returned as the result of a presence search filter, use the "Maximum number of entries returned" option to set a maximum number of entries that the LDAP service can return.

Specifying settings to improve LDAP service search performance:

1. From the IBM® Lotus® Domino® Administrator, open a server that runs the LDAP service, or a open a server in the same domain as one that runs the LDAP service.

2. Click the Configuration tab.

3. In the left pane, expand Directory, then LDAP, and then select Settings.

4. Do one of the following:


5. Change settings in any of these fields:
FieldEnter
TimeoutThe maximum time, in seconds, allowed for LDAP client searches; default is 0. For example, specify 60.
Maximum number of entries returnedThe maximum number of directory entries the LDAP service returns to LDAP clients as search results; default is 0, meaning that there is no limit. For example, specify 100.
Minimum characters for wildcard searchThe minimum number of characters that must precede the first wildcard in a search filter when the wildcard is combined with a substring; default is 1.
6. Click Save & Close.

Related topics