Issue with too-slow LDAP queries

I wrote some java code to do LDAP queries. It runs quite slowly and I don't
know why.

On a query that returns about 275K entries my code takes about 50 minutes
to complete, where the Sun "ldapsearch" tool takes about 8 minutes.

Is this expected? Does the Java LDAP implementation just have that much
overhead?

I'd appreciate any comments on my code. Thanks!

import java.io.*;
import java.util.*;
import java.text.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import org.jdom.*;
import org.jdom.input.*;
import org.jdom.output.*;

public class ldapSearch
{
  public static void main (String[] args)
  {
    int ldapRecords = 0; // total number of ldap records read
    LdapContext m_Ctx = null;
    Hashtable<String, String> m_env = new Hashtable<String, String>();
    javax.naming.ldap.SortControl sctl = null;
    javax.naming.ldap.PagedResultsControl pctl = null;
    SearchControls constraints = null;
    NamingEnumeration results = null;

    try
    {
      m_env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      m_env.put(Context.PROVIDER_URL, "ldaps://ldap.mycompany.com:636/ou=people,dc=mycompany,dc=com");
      m_env.put(Context.SECURITY_PRINCIPAL, "cn=Automated LDAP Account,ou=specials,dc=mycompany,dc=com");
      m_env.put(Context.SECURITY_CREDENTIALS, "sekrit");

      m_Ctx = new InitialLdapContext(m_env, null);

      if(m_Ctx != null)
      {
        byte[] cookie = null;

        sctl = new javax.naming.ldap.SortControl(new String[]{"cn"}, Control.CRITICAL);
        pctl = new javax.naming.ldap.PagedResultsControl(100, Control.CRITICAL);
        String[] returnedAttributes = { "cn", "ssn", "firstName", "lastName",
          "generationQualifier", "someField", "someOtherField" };
        constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(returnedAttributes);

        do
        {
          m_Ctx.setRequestControls(new Control[]{sctl, pctl});
          results = m_Ctx.search("", "uid=*", constraints);

          if (results != null)
          {
            while (results.hasMoreElements())
            {
              SearchResult sr = (SearchResult) results.nextElement();

              if(sr != null)
              {
                Attributes attrib = sr.getAttributes();
                if(attrib != null)
                {
                  ldapRecords++;
                }
              }
            }

            // get the response controls to our search
            //
            Control[] controls = m_Ctx.getResponseControls();
            if (controls != null)
            {
              for(int i = 0; i < controls.length; i++)
              {
                if(controls[i] instanceof javax.naming.ldap.PagedResultsResponseControl)
                {
                  javax.naming.ldap.PagedResultsResponseControl prrc = (javax.naming.ldap.PagedResultsResponseControl) controls[i];
                  cookie = prrc.getCookie(); // cookie will be null when no pages remain, otherwise it will point to the next page of results
                }
              }
            }

            // re-create the page control so the next call to m_Ctx.setRequestControls() will get the next page in the result set
            //
            pctl = new javax.naming.ldap.PagedResultsControl(100, cookie, Control.CRITICAL);
          }

        } while ((cookie != null) && (cookie.length != 0));

        System.out.println(ldapRecords + " LDAP records read.");

      }

    }
    catch (IOException e) { System.out.println("Could not create sort control for LDAP search"); }
    catch (NamingException e) { System.out.println("Error communicating with LDAP server"); }

  }

}

--
John Gordon A is for Amy, who fell down the stairs
gordon@panix.com B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"