Donnerstag, 12. Januar 2012

Thunderbird LDAP search is VERY slow on a large LDAP installation (MS AD in this case)

Problem: after configuring an LDAP directory in the thunderbird address book, searching for entriers takes forever but doesn't find anything.

Started wireshark, found out that a query is sent to the server alright. After 60 seconds, the server came back with a timeout failure (which the TB UI doesn't show, but the packet can be seen in wireshark).

Looking at the LDAP query string shows why: it's a logical "or" of email, name, first name, last name, all of them using a "contains" operator: (|(email=*XXX*)(sn=*XXX*)) etc. This means the LDAP server can't use indexes, so it has to do four full table scans which take forever.

The LDAP query string can be set in a hidden configuration option called "mail.addr_book.quicksearchquery.format", which is documented in https://developer.mozilla.org/en/Thunderbird/Hidden_prefs - it says the default string is pref("mail.addr_book.quicksearchquery.format","?(or(PrimaryEmail,c,@V)(DisplayName,c,@V)(FirstName,c,@V)(LastName,c,@V))");
with the c meaning "contains". However, it doesn't list any other possibilities to use instead of "c", it just refers to the source code.

That can be viewed at
http://dxr.mozilla.org/comm-central/comm-central/mailnews/addrbook/src/nsAbQueryStringToExpression.cpp.html#l278

where "bw" stands for "begins with".

So, i changed the preference to "?(or(PrimaryEmail,bw,@V)(DisplayName,bw,@V)(FirstName,bw,@V)(LastName,bw,@V))");

and look what happens - querys are fast again. Of course, you won't find anything containing your query anymore, just strings that begin with your query - but that's what you want in most cases anyway, and a working "starts with" is better than a non-functional "includes" in any case.