Oracle Internet Directory Performance Tuning 22-13 its value, then the attribute is said to be skewed. For example, if searches for my_ attribute=value1 and my_attribute=value2 have very different response times, then my_attribute is said to be a skewed. You can uniform the response times for searches for such an attribute by adding it as a value of the orclskewedattribute attribute, which is in the DSA configuration entry. The DN of the DSA configuration entry is cn=dsaconfig,cn=configsets,cn=oracle internet directory By default, the objectclass attribute is listed as a value in the orclskewedattribute attribute. You can change the value of orclskewedattribute by using or ldapmodify. See Section 22.12.1, Modifying Instance-Specific Attributes by Using Fusion Middleware Control and Section 22.12.3, Modifying Attributes by Using ldapmodify .

22.7.3 Optimizing Performance of Complex Search Filters

When Oracle Internet Directory receives an LDAP search filter from a client application, it sends the filter to the Oracle Database as an SQL query. Sometimes client applications send filters that include terms that match a large number of entries in the directory. For example, consider the following filter: uid=msmithobjectclass=inetorgpersonorclisenabled=TRUE The terms objectclass=inetorgperson and orclisenabled=TRUE in that filter match nearly all entries. It would be very resource-intensive to execute that entire filter in the Oracle Database. To improve performance, you can specify that Oracle Internet Directory execute a portion of that filter in its own memory, rather than in the database. To do that, you use orclinmemfiltprocess, an attribute in the DSA configuration entry: cn=dsaconfig,cn=configsets,cn=oracle internet directory When orclinmemfiltprocess is configured, the following events occur each time Oracle Internet Directory receives an LDAP search: 1. Oracle Internet Directory removes all the terms that are configured in the orclinmemfiltprocess before forming the SQL query. 2. Oracle Internet Directory sends the SQL query to Oracle Database. 3. Oracle Database sends the entries resulting from the SQL query to Oracle Internet Directory. 4. Oracle Internet Directory applies the original filter sent by the client the terms in orclinmemfiltprocess to those entries in memory. 5. Oracle Internet Directory sends the entries that match that filter to the client. For example, suppose orclinmemfiltprocess is set to objectclass=inetorgpersonorclisenabled=TRUE. When Oracle Internet Directory receives the search uid=msmithobjectclass=inetorgpersonorclisenabled=TRUE, it sends a filter containing only the parameter uid=msmith to the database. After Oracle Internet Directory receives entries back from the database, Oracle Internet Directory itself applies the filter objectclass=inetorgperson orclisenabled=TRUE to those entries. By default, orclinmemfiltprocess is set to the following values: objectclass=inetorgperson 22-14 Oracle Fusion Middleware Performance and Tuning Guide objectclass=oblixorgperson |obuseraccountcontrol=obuseraccountcontrol=activated |obuseraccountcontrol=activatedobuseraccountcontrol= objectclass= objectclass=oblixworkflowstepinstance objectclass=oblixworkflowinstance objectclass=orcljaznpermission obapp=groupservcenterobdynamicparticipantsset= objectclass=orclfeduserinfo You can change the value of orclinmemfiltprocess by using or ldapmodify. See Section 22.12.1, Modifying Instance-Specific Attributes by Using Fusion Middleware Control and Section 22.12.3, Modifying Attributes by Using ldapmodify . Under some conditions, Oracle Internet Directory ignores orclinmemfiltprocess and sends the entire filter to the database. It does this if the filter it receives meets the following conditions: ■ It contains only one parameter, that is, one attribute-value pair. ■ It contains no filter condition other than those in orclinmemfiltprocess ■ It contains an OR condition applied to the terms that are in orclinmemfiltprocess ■ It contains the same terms as in orclinmemfiltprocess, but in a different order The following cases illustrate those conditions. In all of the following cases, orclinmemfiltprocess is set to objectclass=inetorgpersonemployeetype=Contract. Examples Case A manager=cn=john doeobjectclass=inetorgperson employeetype=Contract Oracle Internet Directory sends the filter manager=cn=john doe to the database. Case B uid=rmsmithobjectclass=inetorgpersonemployeetype=Contrac t Oracle Internet Directory sends only uid=rmsmith to the database, then applies the filter objectclass=inetorgpersonemployeetype=Contract to the entries that are returned from the database. Case C |uid=rmsmithobjectclass=inetorgperson employeetype=Contract