How to improve the performance of "ldap_sync".

Document ID : KB000025724
Last Modified Date : 14/02/2018
Show Technical Document Details



The following document describes recommended methods on how to improve the performance of "ldap_sync".  The Service Desk "ldap_sync" tool can take a long time to complete and may also be found to be resource intensive.  This is particularly evident for larger scale implementations; a straight run of ldap_sync can take hours to complete if there are thousands of users in Service Desk and the corresponding LDAP database.


While it is running, the response time from Service Desk will be slow for users.




To resolve this, you may test the following in your QA or Test environment.


CA Support highly recommends testing this in your environment, prior to adding this to run on your production server.


Once the "LDAP" options in Options Manager have been properly configured and "ldap_test" returns successfully:


  1. Recycle the Service Desk Daemon Service.

  2. Create a batch file or shell script (as appropriate for your server operating system):

    Windows Example:
    ldap_sync -c "userid=?" -l "last_name LIKE 'A%'"
    REM using "ping" as Windows does not have a 'sleep' command:
    PING -n 1 -w 300000 >NUL
    ldap_sync -c "userid= ?" -l "last_name LIKE 'B%'"
    REM using "ping" as Windows does not have a 'sleep' command:
    PING -n 1 -w 300000 >NUL


    If using Windows as your Server OS, you may schedule your batch file to run as an Automated Task using Windows Task Scheduler.

    Unix / Linux Example:
    ldap_sync -c "userid=?" -l "last_name LIKE 'A%'"
    sleep 300
    ldap_sync -c "userid= ?" -l "last_name LIKE 'B%'"
    sleep 300


    If using Unix or Linux as your Server OS, you may schedule this to run with the scheduler of your choice.

  3. Prior to implementing this in production, please take care to:

    Ensure you received the expected results in your QA environment.
    Run these commands during off-peak hours.

Should you find the suggestions above have not helped resolve the issue, please open an issue with Support.  Support will need the following items to troubleshoot the problem: 

  • NX_ROOT/NX.env file.
  • NX_ROOT/log directory.
  • NX_ROOT/bopcfg/majic/ldap* files.
  • NX_ROOT/site/mods/majic/ldap* files.
  • bop_sinfo -d cnt > cnt.atributes
  • bop_sinfo -d ldap > ldap.attributes

Alternatively, you can also use the Diagnostic Tool to collect all of the above materials.  Details on the diagnostic tool is available here:  TEC469212