LDAP queries can be a bottleneck in a heavily utilized directory-server environment. To maintain a high level of performance with large numbers of objects, eDirectory (which is the basis of the Identity Vault in Identity Manager) records frequently requested information and stores it in indexes. When a complex query is run against objects with indexed attributes, the query returns much faster.
Out of the box, eDirectory comes with the following attributes already indexed:
Aliased Object Name cn dc Equivalent to Me extensionInfo Given Name GUID ldapAttributeList ldapClassList Member NLS: Common Certificate Obituary Reference Revision Surname uniqueID uniqueID_SS
When you install Identity Manager, the default directory schema is extended with new object class types and new attributes pertaining to the User Application. User-application-specific attributes are by default not indexed. For better performance, you might find it useful to index some of those attributes (and perhaps a few traditional LDAP attributes as well), particularly if your user container contains over 5,000 objects.
The general idea is to index only those attributes that you know are regularly queried, which could be different attributes in different production environments. The only way to know which attributes are heavily used is to collect predicate statistics at runtime. The collection process itself degrades performance, however.
The process for collecting predicate statistics is discussed in detail in the eDirectory Administration Guide. Indexing is also discussed in more detail there. In general, you need to do the following:
Use iManager to turn on predicate-statistics collection for attributes of interest
Put the system under load
Disable statistics collection and analyze the results
Create an index for each type of attribute that might benefit from having one
If you already know which attributes you want to index, there is no need to use ConsoleOne. You can create and manage indexes in iManager with eDirectory Maintenance > Indexes. For example, if you know that users of your org chart are likely to perform searches based on the isManager attribute, you can try indexing that attribute to see if performance is enhanced.
NOTE:As a best practice, it is recommended that you index, at a minimum, the manager and isManager attributes.
For an in-depth discussion of attribute indexing and performance, see “Tuning eDirectory” in Guide to Troubleshooting eDirectory by Peter Kuo and Jim Henderson (QUE Books, ISBN 0-7897-3146-0).
For more information about performance tuning, see “Maintaining eDirectory” in the eDirectory Administration Guide.