> On Feb 14, 2017, at 2:55 PM, Gomes, Rich <gomes-r...@aramark.com> wrote:
>
> Here is from a Test machine with very low mail traffic and the suggested
> config changes:
>
> real 0m51.42s
> user 0m0.05s
> sys 0m0.04s

50ms per query is a rather high lookup latency for LDAP. Around ten years back I was seeing ~2ms per query. What's the network latency between the MTA and the LDAP servers? Are they too busy serving lookups from internal interactive users? Perhaps replica servers exclusively for the MTAs are needed to isolate the MTAs from high user load and vice versa.

In any case it seems the LDAP server is quite slow. Test with other filters, e.g. 'mail=%s' or something similar that definitely hits an indexed attribute. Perhaps authorization is slow, are there access controls that may be expensive to evaluate, ...

> And here is from Prod with a high volume of traffic and the original
> configuration:
>
> real 1m24.74s
> user 0m0.05s
> sys 0m0.06s

The difference between 51ms and 85ms is not dramatic. A performant LDAP service would be around 1ms (~150km speed of light round-trip time). Unless your LDAP servers are in a distant city, the performance you're seeing is much too low.

--
Viktor.