Ldapmodify Of Group Via OVD Is Significantly Slower Than Directly Against Backend Directory (i.e., OID) (Doc ID 878882.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 10.1.4, i.e. 10.1.4.3.0, and Oracle Internet Directory (OID) backend directory.

An ldapmodify to add a uniquemember to a medium or large group, say 23K members or more, takes only about ~200ms when run directly against OID host (or multiple replicated OID hosts).

However, the same modify takes ~1700 to 2200ms when run against OVD front-ending OID(s).

Example ldif file used with ldapmodify:
dn: cn=Portal_User_Group,ou=Groups,dc=qa,dc=mycompany,dc=com
changetype: modify
add: uniquemember
uniquemember: uid=mytestuser,ou=People,dc=qa,dc=mycompany,dc=com

Example timed ldapmodify command that reveals the slowness / performance issue:
time $ORACLE_HOME/bin/ldapmodify -h <host> -p <port> -D "cn=orcladmin" -w <password> -v -c -f mod_user.ldif

The slow performance is only happening when the modify is done via a join adapter for OID and Active Directory (AD).

Workaround:
Bypass the join adapter by providing the OID adapter root namespace, ie "dc=oidroot,dc=com" as
DN of the group in the ldif file.  This forces OVD to use the OID ldap adapter instead of the join adapter, and the ldapmodify then runs just as fast as when going directly against OID.

However, this workaround is not feasible if there are custom java applications using the join adapter base / namespace, and they either cannot be changed, or it would be a major hardship to change them.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms