LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

6. At the ldap policies: prompt, enter the set maxpagesize to <size> command, where
the <size> is the maximum number of search objects that you want the Active Directory to
return for a search, and then press Enter.
7. At the ldap policies: prompt, enter the set maxqueryduration to <time> command,
where the <time> is the maximum number of seconds to wait for a search request to complete,
and then press Enter.
8. At the ldap policies: prompt, enter the show values command and press Enter. This verifies
that the new LDAP policy values are set correctly.
9. Once satisfied with the changes made, enter the Commit Changes command and press
Enter.
10. Enter the quit command and press Enter to return to the ntdsutil main prompt.
11. Enter the quit command and press Enter to quit ntdsutil.

7.12.1.3 Setting search filters to improve enumeration performance

This section pertains to Windows ADS only.
If enumeration requests cannot be avoided, consider the use of customized search descriptors for
each of your name services. Customized search descriptors can improve enumeration performance
because they limit the search to only the paths (containers) where the required data resides.
For example, if your default search DN is set to your domain root DC=cup, DC=acme, DC=com,
you can improve performance if you change the search base DN to CN=Users, DC=cup,
DC=acme, DC=com for the passwd and group services, confining searches to user and group
information.
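
The effect of narrowing the search base, as an added example that is not part of the original guide or of LDAP-UX: a small Python model of subtree scoping over a constructed directory, using the DNs from the paragraph above. The entry names, entry counts, and helper functions are assumptions made for illustration.

```python
# Added example: models subtree search scope; not LDAP-UX or Active Directory code.

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) RDNs, tolerating spaces
    after commas. Simplified: escaped commas inside values are not handled."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies beneath it (subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def enumerate_service(directory, base_dn, object_class):
    """Return (entries_examined, matching_dns) for a subtree search."""
    candidates = [e for e in directory if in_subtree(e["dn"], base_dn)]
    matches = [e["dn"] for e in candidates if object_class in e["objectClass"]]
    return len(candidates), matches

ROOT = "DC=cup, DC=acme, DC=com"              # default search DN from the text
USERS = "CN=Users, DC=cup, DC=acme, DC=com"   # narrowed base for passwd/group

# Constructed directory: a few accounts plus unrelated entries elsewhere.
DIRECTORY = (
    [{"dn": ROOT, "objectClass": ["domain"]},
     {"dn": USERS, "objectClass": ["container"]}]
    + [{"dn": f"CN=user{i},{USERS}", "objectClass": ["user"]} for i in range(5)]
    + [{"dn": f"CN=prn{i},OU=Printers,{ROOT}", "objectClass": ["printQueue"]}
       for i in range(200)]
    + [{"dn": f"CN=obj{i},CN=System,{ROOT}", "objectClass": ["container"]}
       for i in range(100)]
)

if __name__ == "__main__":
    for base in (ROOT, USERS):
        examined, matches = enumerate_service(DIRECTORY, base, "user")
        print(f"base={base!r}: examined {examined}, returned {len(matches)}")
```

Both searches return the same accounts; only the number of entries inside the search scope changes.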

7.12.2 Client daemon performance considerations

LDAP directory servers introduce numerous features that are not provided by earlier networked
name service systems. In addition, the general purpose nature of LDAP enables it to support a
greater variety of applications than does a networked OS. Although directory servers have excellent
performance and scalability, the additional features (such as security) require that directory
applications be designed and used with performance requirements in mind. To maximize the
number of HP-UX clients that can be supported by an LDAP directory server and to improve client
response, the ldapclientd daemon supports both data caching and persistent network
connections. The following subsections describe their use, benefits, and impacts on performance.
For more information about improving client daemon performance, see Section 7.1.2.3 (page 183).

7.12.2.1 ldapclientd caching

Caching LDAP data locally enables much faster response times for name service operations.
Caching means that data that has been recently retrieved from the directory server will be retrieved
from a local store, instead of the directory server. Caching greatly reduces both directory server
load and network usage. For example, when a user logs into the system, the OS typically needs
to enquire about his/her account several times in the login process. This occurs as the OS identifies
the user, gathers account information and authenticates the user. Further requests often occur
as the account starts up new applications once a session is established. With caching, generally
only one or two LDAP operations are required.
Caching is also critical to support certain types of applications that make frequent demands on
the name service system, either because they are malfunctioning or need this specific type of
information frequently.
The ldapclientd daemon also supports what is known as a negative cache. This type of cache
is used to store meta-data about nonexistent information. For example, if an application requests
information about an account that does not exist, the directory server will not return an entry, and
that negative result will be stored in a cache. Intuitively this type of cache would seem to be
unnecessary. However, applications exist that perform these operations frequently, either on purpose
248 Administering LDAP-UX Client Services