Ldapmodify Of Group Via OVD Is Significantly Slower Than Directly Against Backend Directory (i.e., OID)
Last updated on MARCH 08, 2017
Applies to:Oracle Virtual Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) 10.1.4, i.e. 10.1.4.3.0, and Oracle Internet Directory (OID) backend directory.
An ldapmodify to add a uniquemember to a medium or large group, say 23K members or more, takes only about ~200ms when run directly against OID host (or multiple replicated OID hosts).
However, the same modify takes ~1700 to 2200ms when run against OVD front-ending OID(s).
Example ldif file used with ldapmodify:
Example timed ldapmodify command that reveals the slowness / performance issue:
time $ORACLE_HOME/bin/ldapmodify -h <host> -p <port> -D "cn=orcladmin" -w <password> -v -c -f mod_user.ldif
The slow performance is only happening when the modify is done via a join adapter for OID and Active Directory (AD).
Bypass the join adapter by providing the OID adapter root namespace, ie "dc=oidroot,dc=com" as
DN of the group in the ldif file. This forces OVD to use the OID ldap adapter instead of the join adapter, and the ldapmodify then runs just as fast as when going directly against OID.
However, this workaround is not feasible if there are custom java applications using the join adapter base / namespace, and they either cannot be changed, or it would be a major hardship to change them.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms