Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D0A149FD8 for ; Thu, 15 Mar 2012 09:34:04 +0000 (UTC) Received: (qmail 24251 invoked by uid 500); 15 Mar 2012 09:34:04 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 24174 invoked by uid 500); 15 Mar 2012 09:34:03 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 24112 invoked by uid 99); 15 Mar 2012 09:34:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Mar 2012 09:34:03 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com designates 74.125.82.178 as permitted sender) Received: from [74.125.82.178] (HELO mail-we0-f178.google.com) (74.125.82.178) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Mar 2012 09:33:57 +0000 Received: by wera13 with SMTP id a13so3457628wer.37 for ; Thu, 15 Mar 2012 02:33:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=bTS31PLcNiK4YQREH0oC/797PLhCctGSmp3Li2Ge0Kc=; b=H+lBPP0VM8kkw8tI+eBD9BdJf2cfTDnlCkWZxox6ULgEW08oZUsJ11VuN+/TIAxjdE kJpHobYDBN8zzeMRQiq7LqZ8ZNUYulH+8STwyoLo9F101dR8HwZPhJvJ2Jto9uJQtqi+ vyEfmsea6Xh0iU8ZtXAfGQd1FPv51wek+saG68pXmQzyOF3tfTpnyULrcbKiCiTl+M9N 2Cx40eCqOOxyRGVHshVtOGHTwArH0eqVvPJEnnvqDmqZyMYvaqZIJtHAYJD2H6Tw0WHN 8qKtSSjS4+lWeNnoT7Qai3xswy+DldmC4oYWAvhOnyJvbRdvYYrVHCrKJbOwS7vw0fTA 1Srw== MIME-Version: 1.0 Received: by 10.180.101.136 with SMTP id fg8mr24653078wib.4.1331804016396; Thu, 15 Mar 2012 02:33:36 -0700 (PDT) Sender: akarasulu@gmail.com Received: by 10.180.103.7 with HTTP; Thu, 15 Mar 2012 02:33:36 -0700 (PDT) In-Reply-To: <4F60C49B.7090001@gmail.com> References: <2BE7E81B77921F43A6A273C2DF2FA6A43C107D77EE@IBSMBX.ibs-ag.com> <4F60C49B.7090001@gmail.com> Date: Thu, 15 Mar 2012 11:33:36 +0200 X-Google-Sender-Auth: uHoIKLhdvOsAewrJR-WE1wEk_vw Message-ID: Subject: Re: Is it faster/better to include one objectclass or all in query? From: Alex Karasulu To: users@directory.apache.org, elecharny@apache.org Content-Type: multipart/alternative; boundary=f46d04462e4c4ec86504bb44c929 X-Virus-Checked: Checked by ClamAV on apache.org --f46d04462e4c4ec86504bb44c929 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Wed, Mar 14, 2012 at 6:17 PM, Emmanuel L=E9charny w= rote: > Le 3/14/12 5:08 PM, Alex Karasulu a =E9crit : > > On Wed, Mar 14, 2012 at 4:51 PM, wrote: >> >> Hi, when searching for a user having this objectclass hierarchy >>> >>> top >>> |_person >>> |_organizationalPerson >>> |_inetOrgPerson >>> >>> and uid =3D 'jsmith' >>> >>> Which query would be less expensive or better/faster? Thanks! >>> >>> (& >>> (objectclass=3DinetOrgPerson) >>> (uid=3Djsmith) >>> ) >>> >>> This would be faster and more efficient since the evaluation is on a >> more >> specific objectClass which reduces the search space from the get go. >> >> To understand this you need to know about how the optimizer works with >> scan >> counts that are returned. LDAP search filters are expanded out into an A= ST >> (abstract syntax tree) with the leaves of the tree being assertions the >> branch nodes being operators. Then the optimizer annotates this AST with >> scan counts, which basically is asking each index, "Hey how many results >> would you return for this assertion?" So the more specific inetOrgPerson >> is >> more likely to return a smaller scan count. >> >> Now if you have an index on uid then the scan count on this will be 1 >> since >> UID should be unique (our DSA does not enforce this tho) >> > Uh ? > > The DSA does NOT enforce UID uniqueness so this is may be a problem if your application or organization does not enforce this was my point. > Sorry, Alex, but if you manage more than one linux server, you might have > more than one uid in your LDAP server, no ? Plus uid is not a SINGLE_VALU= E, > so you maye have more than one value in the AT. > > I was trying to say the same thing. You might have more than one jsmith uid because this is not enforced by the DSA. > You may have a higher number of uid=3DXXX in this case. > > If you do not have an index on uid I suggest you index it. But if you >> don't >> then the candidates will be generated off the objectClass index which >> always exists since it is a system index. The server will then iterate >> through the entire set of inetOrgPersons in your DIB and de-serialize th= e >> entry from the master table then check (after normalizing the uid >> attribute) if it is in fact equal to jsmith. This could be huge. >> > > Yeah, this is a better explaination than mine : ObjectClasses are indexed > DIT wide. > > >> So index your uids and don't bother with the objectClass stuff if you >> don't >> vary the OC of the people in your DIB. >> > > This is the right thing to do, really. > --=20 Best Regards, -- Alex --f46d04462e4c4ec86504bb44c929--