Customizing search processing to improve LDAP service performance

To improve the performance of the LDAP service, you can choose options to customize how the service processes searches. These settings apply to all servers in a domain that run the LDAP service.

Timeout and Maximum number of entries returned fields

By default, the LDAP service takes as long as necessary to process searches, and returns all entries it finds that match the search criteria. If LDAP service performance is slow, consider using the Timeout and Maximum number of entries returned fields on the LDAP tab of a domain Configuration Settings document to set limits on the length of searches and the number of entries returned. If the LDAP client that sends a request also specifies a timeout value, the smaller value takes precedence.

Minimum characters for wildcard search

Specify the minimum number of characters that users must place before the first wildcard in a search filter when the wildcard is combined with a substring. The default is 1 character. If you increase this value, users must provide more specific substring search filters, and as a result, the LDAP service searches fewer entries and processes the searches more quickly. If LDAP service performance is slow, consider increasing the minimum characters required for wildcard searches to 2.

If a filter begins with a wildcard followed by a substring, the LDAP service removes the initial wildcard (unless Minimum characters for wildcard search is set to 0), then uses what remains as the search filter. For example, if the option is set to 2 and a user specifies the filter sn=*br*, the LDAP service uses the filter br* to process the search. However, if a user specifies the filter *b*, the LDAP service rejects the search request because after the first wildcard is removed, b*, which is the remaining search filter, contains only one character before the (now) first wildcard.

Note: The Minimum characters for wildcard search option doesn't apply to search filters that use only a wildcard as a value. For example, a search filter such as sn=* is always allowed. Because this kind of filter searches only for the presence of an attribute, not for an attribute value, it does not have the search performance implications associated with wildcards in substring searches. To control the number of entries returned as the result of a presence search filter, use the Maximum number of entries returned option to set a maximum number of entries that the LDAP service can return.
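The following Python sketch is an added example, not Domino code: it models the wildcard rule and the presence-filter exception described above so you can predict which client filters a given setting will reject. The names effective_value, check_item and FilterRejected are hypothetical, and the handling of a filter that has no wildcard left after the leading one is removed is an assumption.

```python
"""Model of the 'Minimum characters for wildcard search' rule described above.

Constructed for illustration; this is not Domino code. It handles a single
attr=value filter item, not full RFC 4515 filter syntax.
"""

class FilterRejected(ValueError):
    """Raised when a substring filter is too unspecific for the setting."""


def effective_value(value: str, min_chars: int = 1) -> str:
    """Return the value the service would search with, or raise FilterRejected."""
    # Presence filter (sn=*): always allowed, the option does not apply.
    if value == "*":
        return value
    # No wildcard: not a substring search, so the option does not apply.
    # A setting of 0 leaves the filter as is, leading wildcard included.
    if "*" not in value or min_chars == 0:
        return value
    # A leading wildcard followed by a substring is dropped first.
    if value.startswith("*"):
        value = value[1:]
    # Count the characters in front of what is now the first wildcard.
    # Assumption: if no wildcard remains, the whole remainder is counted.
    prefix = value.split("*", 1)[0]
    if len(prefix) < min_chars:
        raise FilterRejected(
            f"{len(prefix)} character(s) before the first wildcard, "
            f"{min_chars} required"
        )
    return value


def check_item(item: str, min_chars: int = 1) -> str:
    """Apply the rule to one 'attr=value' item and return the rewritten item."""
    attr, sep, value = item.partition("=")
    if not sep:  # bare value such as '*b*', as written in the text above
        return effective_value(item, min_chars)
    return f"{attr}={effective_value(value, min_chars)}"


if __name__ == "__main__":
    # Constructed sample filters, checked with the option set to 2.
    for sample in ["sn=*br*", "sn=*b*", "sn=*", "sn=br*", "sn=b*", "sn=brown"]:
        try:
            print(f"{sample!r:12} -> {check_item(sample, 2)!r}")
        except FilterRejected as exc:
            print(f"{sample!r:12} -> rejected ({exc})")
```

Running it against filters taken from your own client applications before raising the setting shows which searches would start failing.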

Specifying settings to improve LDAP service search performance:

  1. From the Domino® Administrator, open a server that runs the LDAP service, or open a server in the same domain as one that runs the LDAP service.
  2. Click the Configuration tab.
  3. In the navigation pane, expand Directory, then LDAP, and then select Settings.
  4. Do one of the following:

    If you see the prompt "Unable to locate a Server Configuration document for this domain. Would you like to create one now?", click Yes, then click the LDAP tab on the document.

    If you do not see the prompt, click Edit LDAP Settings.

  5. Change settings in any of these fields:
    Table 1. LDAP settings

    | Field | Enter |
    | --- | --- |
    | Timeout | The maximum time, in seconds, allowed for LDAP client searches; default is 0. For example, specify 60. |
    | Maximum number of entries returned | The maximum number of directory entries the LDAP service returns to LDAP clients as search results; default is 0, meaning that there is no limit. For example, specify 100. |
    | Minimum characters for wildcard search | The minimum number of characters that must precede the first wildcard in a search filter when the wildcard is combined with a substring; default is 1. |

  6. Click Save & Close.