Issue with too-slow LDAP queries

John Gordon <>
Fri, 30 Apr 2010 20:42:26 +0000 (UTC)
I wrote some java code to do LDAP queries. It runs quite slowly and I don't
know why.

On a query that returns about 275K entries my code takes about 50 minutes
to complete, where the Sun "ldapsearch" tool takes about 8 minutes.

Is this expected? Does the Java LDAP implementation just have that much

I'd appreciate any comments on my code. Thanks!

import java.util.*;
import java.text.*;
import javax.naming.*;
import javax.naming.ldap.*;
import org.jdom.*;
import org.jdom.input.*;
import org.jdom.output.*;

public class ldapSearch
  public static void main (String[] args)
    int ldapRecords = 0; // total number of ldap records read
    LdapContext m_Ctx = null;
    Hashtable<String, String> m_env = new Hashtable<String, String>();
    javax.naming.ldap.SortControl sctl = null;
    javax.naming.ldap.PagedResultsControl pctl = null;
    SearchControls constraints = null;
    NamingEnumeration results = null;

      m_env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      m_env.put(Context.PROVIDER_URL, "ldaps://,dc=mycompany,dc=com");
      m_env.put(Context.SECURITY_PRINCIPAL, "cn=Automated LDAP Account,ou=specials,dc=mycompany,dc=com");
      m_env.put(Context.SECURITY_CREDENTIALS, "sekrit");

      m_Ctx = new InitialLdapContext(m_env, null);

      if(m_Ctx != null)
        byte[] cookie = null;

        sctl = new javax.naming.ldap.SortControl(new String[]{"cn"}, Control.CRITICAL);
        pctl = new javax.naming.ldap.PagedResultsControl(100, Control.CRITICAL);
        String[] returnedAttributes = { "cn", "ssn", "firstName", "lastName",
          "generationQualifier", "someField", "someOtherField" };
        constraints = new SearchControls();

          m_Ctx.setRequestControls(new Control[]{sctl, pctl});
          results ="", "uid=*", constraints);

          if (results != null)
            while (results.hasMoreElements())
              SearchResult sr = (SearchResult) results.nextElement();

              if(sr != null)
                Attributes attrib = sr.getAttributes();
                if(attrib != null)

            // get the response controls to our search
            Control[] controls = m_Ctx.getResponseControls();
            if (controls != null)
              for(int i = 0; i < controls.length; i++)
                if(controls[i] instanceof javax.naming.ldap.PagedResultsResponseControl)
                  javax.naming.ldap.PagedResultsResponseControl prrc = (javax.naming.ldap.PagedResultsResponseControl) controls[i];
                  cookie = prrc.getCookie(); // cookie will be null when no pages remain, otherwise it will point to the next page of results

            // re-create the page control so the next call to m_Ctx.setRequestControls() will get the next page in the result set
            pctl = new javax.naming.ldap.PagedResultsControl(100, cookie, Control.CRITICAL);

        } while ((cookie != null) && (cookie.length != 0));

        System.out.println(ldapRecords + " LDAP records read.");


    catch (IOException e) { System.out.println("Could not create sort control for LDAP search"); }
    catch (NamingException e) { System.out.println("Error communicating with LDAP server"); }



John Gordon A is for Amy, who fell down the stairs B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

