Hello, I have been using Net::LDAPS successfully on a project to create a web interface to an internal LDAP employee directory. The site is in an Apache mod-perl environment, with one web page view potentially causing several LDAP searches. (If more than one record is returned, I show a list to pick from. But if exactly one record is found, I do further queries to display that person's peers, direct reports, and management hierarchy on the same page.) If several calls are done for one web page display, I re-use the same connection, which saves lots of setup overhead to the server (particularly since it's using SSL). Very easy to do with Net::LDAP -- overall it's been great.
However, I have recently been doing load testing on it to simulate lots of users performing searches at once. I'm finding that since speed with which Net::LDAP returns result sets varies pretty dramatically with the number of entries returned (e.g. a request for sn "Smith"), the completion rate can quite realistically can fall below the incoming request rate, and eventually Apache reaches its active servers limit. This drove me to profile the code with DProf and, as the person who started this thread noted, found that most of the time is being consumed in Convert::ASN1. I see on the Convert::ASN1 perldoc than an XS version is on the TODO list, but I also see in recent threads in this mailing list that Graham has said there is no XS version, and it doesn't sound like anyone is working on one currently. I experimented with using the 'ldapsearch' binary command-line tool that comes with the Sun LDAP SDK, which was much faster for any given query, but the overhead of having several of those launching per page ended up burying the server far sooner, with simulated increasing loads. So, performance could be an issue for me, even though each lookup is not returning thousands of records. (I limit returns to 500, but even then it's pretty slow for the user waiting for the results, and with sustained user load of a couple of queries per second, things get backed up). It was suggested earlier that when performance may be an issue, it can be better to switch to a C interface to the LDAP libraries (in this case, the Sun LDAP server is being used and the C libraries are available to me). Unfortunately, I don't know how to proceed in this direction. Does anyone have any example code that has done a similar thing -- passing a query and options from perl to an interface to C LDAP libraries and getting a perl data structure (or text which could be easily parsed in perl) back? Is the (very old at this point) Mozilla::LDAP module the way to go, or is there a different approach that works well? Any and all help would be GREATLY appreciated. Joel Noble [EMAIL PROTECTED] p.s. - I experimented with using the 'ldapsearch' binary command-line tool that comes with the Sun LDAP SDK, which was much faster for any given query, but the overhead of having several of those launching per page ended up burying the server far sooner, with simulated increasing loads.
