Sun Java System Directory Editor 1 2004Q4 SP1 Installation and Configuration Guide 

Appendix C
Improving Performance of Browse and Search Features

This appendix explains how you can improve performance for Directory Editor’s browse and search features.

The information is organized as follows:


Note

The information in this appendix is provided to supplement the detailed information about browsing and searching indexes provided in the Sun Java™ System Directory Server product documentation.

If you encounter any information that conflicts with the Directory Server product documentation, you should consider the Directory Server documentation as authoritative.



Introduction

Directory Editor’s browse and search features both use an LDAP protocol facility called the Virtual List View. This Virtual List View facility provides an LDAP client with the ability to specify a “window” into the data that is available on the LDAP server.

A client provides an LDAP query and sorting parameters that enable the server to create a "view" into the data that would be produced by the query. The client also provides the server with parameters that control which range of entries to retrieve. Because this facility places a significant load on the LDAP server, consider making the facility more performant if you will be using it regularly.


Increasing Virtual List View Performance

You can make the virtual list view (VLV) more efficient by creating a VLV index inside the directory server. A VLV index effectively notifies the server that a virtual list view, with specific query and sort parameters, will be performed. This index also allows the server to collect and maintain the information required to make using the virtual list view faster.

Be aware that there are several small costs associated with indexing:

In most deployments, however, the increase in query speed attained by indexing far outweighs these costs.


Creating a VLV Index

This section provides instructions for creating a VLV index.

From the Directory Server Console

Use the following steps to create an index specifically for a “Virtual List View.”

  1. Create a vlvSearch object under the following dn:

    cn={dbname},cn=ldbm database,cn=Plugins,cn=config

    Right-click on the entry in the tree, and when the pop-up menu is displayed, select New > Other (Figure C-1).

    Figure C-1  Creating a vlvSearch Object

  2. When the New Object dialog is displayed (Figure C-2), select the vlvSearch object class and then click OK.

    Figure C-2  Selecting the vlvSearch Object Class

    The New Object dialog box closes and the Generic Editor dialog box is displayed.

  3. Specify the following object class attributes (as shown in Figure C-3):

    Figure C-3  Specifying the Object Class Attributes

    • vlvBase: Specify the base DN used in the query you want to index.
      For example:

      ou=People,dc=example,dc=com

    • vlvScope: Specify the LDAP scope of the query you want to index.
      The vlvScope search scope is similar to an LDAP protocol search in which the scope is a number, as follows:

      • 0 is the entry
      • 1 is only the entries exactly one level below the search base

        If you set vlvScope to 1, you must create a vlvSearch/vlvIndex for each ou where you want a VLV index.

      • 2 is the entry and all descendants

    • vlvFilter: Specify the LDAP filter used in the query you want to index. For example:

      (objectClass=*)

  4. Before closing the Generic Editor dialog box, change the naming attribute to cn, which will enable you to provide a more user-friendly name. Click the Change button and the Change Naming Attribute dialog box is displayed (Figure C-4).

    Figure C-4  Changing the Naming Attributes

  5. When you are finished, click OK to save the new attribute name and close the Change Naming Attribute dialog box.
  6. Specify a more user-friendly name for the cn attribute.
  7. After you have created the vlvSearch object, you must create a vlvIndex object under the vlvSearch object.

    The steps for creating a vlvIndex object are very similar to the steps you just used to create the vlvSearch object. The only difference is that you will be creating a vlvIndex object instead of a vlvSearch object, which means the Generic Editor dialog will be slightly different.

  8. Specify the vlvSort attribute for the sort you will be using for the VLV query. As in the preceding steps, specify a user-friendly name for the object.
    For example, see Figure C-5.

    Figure C-5  Creating a vlvIndex Object Class

  9. Shut down the directory server by typing:

    slapd-<instancename>/stop-slapd

  10. After creating the preceding entries, you must prompt the directory server to create the index as follows:

    Use the vlvindex command in the slapd-<instancename> directory, which is located at the same level as the start-slapd command. The vlvindex command has two parameters:

    • -n: Specifies the database
    • -T: Specifies the name of the vlvIndex object you are using to create the index

From the Command Line

Perform the following steps to create a VLV index:

  1. Create an entry with the vlvSearch object class below the entry:

    cn={dbname},cn=ldbm database,cn=plugins,cn=config

    The vlvSearch object defines the search parameters for the index you want to create. You should give the entry a meaningful name and change the default naming attribute that the object will use for this name.

    The vlvSearch object class requires the following attributes:

    • vlvBase: Specifies the search base DN to which the index will apply. For example:

      ou=People,dc=example,dc=com

    • vlvScope: Specifies the scope of the search to be performed.
      The vlvScope search scope is similar to an LDAP protocol search in which the scope is a number, as follows:

      • 0 is a baseObject search that includes only the entry specified as the search base.
      • 1 is a singleLevel search that includes all entries exactly one level below the search base.
      • 2 is a wholeSubtree search that includes the entry specified as the search base and all entries anywhere below it.

    • vlvFilter: Specifies a filter for the search. For example:

      (objectClass=*)

  2. Create an entry under the vlvSearch entry.

    This new entry requires a vlvIndex object class, which defines the sorting to use in your search. You should give the entry a meaningful name and change the default naming attribute that the object will use for this name.

    The vlvIndex object requires the vlvSort attribute, which specifies a list of attributes on which to sort, and in what order to sort them. For example,

    "ou dc cn uid"

  3. After creating the preceding entries, you must prompt the directory server to create the index as follows:

    Use the vlvindex command in the slapd-<instancename> directory, which is located at the same level as the start-slapd command. The vlvindex command has two parameters:

    • -n: Specifies the database
    • -T: Specifies the name of the vlvIndex object you are using to create the index
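
The two entries from the command-line steps above, written out as LDIF by a small shell helper. This is an added example, not part of the Sun guide: the function name vlv_ldif, the database name userRoot, the entry names and the "index" suffix are assumptions, and the names are assumed to contain no DN special characters.

```shell
#!/bin/sh
# Added example: emit LDIF for a vlvSearch entry and its child vlvIndex entry.
# usage: vlv_ldif DBNAME NAME BASE SCOPE FILTER SORT
vlv_ldif() {
    db=$1 name=$2 base=$3 scope=$4 filter=$5 sort=$6
    # vlvScope: 0 = baseObject, 1 = singleLevel, 2 = wholeSubtree.
    case $scope in
        0|1|2) ;;
        *) echo "vlv_ldif: vlvScope must be 0, 1 or 2" >&2; return 1 ;;
    esac
    for v in "$db" "$name" "$base" "$filter" "$sort"; do
        [ -n "$v" ] || { echo "vlv_ldif: empty argument" >&2; return 1; }
    done
    parent="cn=$db,cn=ldbm database,cn=plugins,cn=config"
    cat <<EOF
dn: cn=$name,$parent
objectClass: top
objectClass: vlvSearch
cn: $name
vlvBase: $base
vlvScope: $scope
vlvFilter: $filter

dn: cn=$name index,cn=$name,$parent
objectClass: top
objectClass: vlvIndex
cn: $name index
vlvSort: $sort
EOF
}

# Constructed sample values (assumed): database "userRoot", a subtree index
# over ou=People sorted by cn, then uid.
vlv_ldif userRoot "People browse" "ou=People,dc=example,dc=com" 2 \
    "(objectClass=*)" "cn uid"
```

Pipe the output to ldapmodify -a while bound as a directory administrator, then run vlvindex with -n set to the database and -T set to the vlvIndex name as described in the last step.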


Creating Tree Indexes

You can make the browse tree more efficient by creating a virtual list view index. Use the following settings for this index.


Using the Virtual List View Anonymously

By default, a Sun Java System Directory Server deployment does not allow unauthenticated users to use the Virtual List View control.

If you want to permit anonymous users to access the Virtual List View features (to give them increased performance when using Directory Editor Browse or Search pages) then you must configure Directory Server to allow anonymous-user access for VLV searches.

However, it is important to remember that by doing this, you expose Directory Server to resource-intensive requests from an unauthenticated user and you should consider taking steps to protect Directory Server from arbitrary connections. For example, you could put this Directory Server behind a Directory Proxy Server and ensure proper resource limits.

To configure Directory Server to permit anonymous users to use the Virtual List View control, you must change the aci attribute of the entry with the following dn:

dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config

By default, the aci attribute for this entry is:

aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control";
allow( read, search, compare, proxy ) userdn = "ldap:///all";)

This configuration means that any authenticated Directory Server user has access to this entry, which in turn grants access to the Virtual List View control. Consequently, because the anonymous user is not authenticated, they are not allowed access.

The aci attribute should be changed as follows:

aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///anyone";)

This configuration gives anyone access to the entry — whether they are authenticated or not — and they will have permission to use the Virtual List View control.
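
Because this change opens a resource-intensive control to unauthenticated clients, it is worth checking which state a server is actually in. The following is an added example, not part of the Sun guide: it reads an LDIF export of cn=features,cn=config on stdin and reports whether the VLV control entry is limited to authenticated users or open to anyone. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads LDIF on stdin and reports who may use the VLV request
# control (OID 2.16.840.1.113730.3.4.9):
#   anonymous      - an allow ACI on the entry names ldap:///anyone
#   authenticated  - allow ACIs exist, none names ldap:///anyone
#   no-aci         - the entry is missing or carries no allow ACI
vlv_acl_status() {
    awk '
    function handle() {                 # process one unfolded LDIF line
        if (line == "") return
        low = tolower(line); gsub(/[ \t]/, "", low)
        if (low ~ /^dn:/) {
            in_vlv = (low == "dn:oid=2.16.840.1.113730.3.4.9,cn=features,cn=config")
        } else if (in_vlv && low ~ /^aci:/ && low ~ /allow\(/) {
            found = 1
            if (low ~ "userdn=\"[^\"]*ldap:///anyone") anon = 1
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next }   # folded line: join to previous
    { handle(); line = $0 }
    END {
        handle()
        if (anon) print "anonymous"
        else if (found) print "authenticated"
        else print "no-aci"
    }'
}

# Constructed sample: the default ACI shown above, folded the way LDIF
# tools wrap long values (continuation lines start with one space).
sample_default_ldif() {
    cat <<'EOF'
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control";
  allow( read, search, compare, proxy ) userdn = "ldap:///all";)
EOF
}

sample_default_ldif | vlv_acl_status    # prints: authenticated
```

A result of anonymous on a server that is not behind a Directory Proxy Server with resource limits is the exposure described above.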





Part No: 819-1701.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.