[Date Prev][Date Next] [Chronological] [Thread] [Top]

objectClass index from slapd.conf is not working

To: openldap-technical@openldap.org
Subject: objectClass index from slapd.conf is not working
From: tim stone <timstone10001@googlemail.com>
Date: Thu, 9 Sep 2010 10:57:04 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=rMfDKaehF5p11i5EXC573sUChuNXIr11xNmM9xpRe0I=; b=NxEZqjQKQ+Zhbm542jAGTQdwCwTllV5qOVvAtBV6nytng5QXQJBc07ZDgK9xoyO7PM UqF/46HEzoj2LUHYNGpzueEMgVbX07I28bfhsKrVi5m+Lf/bf6SVZhFY2rwhKtX5vafR 2kIi/GHWbA98Yehjvt8LxZ4hBAAh1axh0s2Y4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=WyPImZU+uheM6bufAPWEyufmOGLLfsdZRuJ2AdEd+9zQIMIpHgrXy7xsWVIQ2p3npV O52tNy5pxiLeQxoKkBV+LgBgFf+TX0fmAlbatofgtLWsVtyzEQFLS2+MEiDu3IbRG8g2 rdvt2k5PfGQjAdkaOYOgmgcI1ljuP2Vzt9PNY=

Hello,

I've a strange behavior while using index objectClass for searching.

In my slapd.conf I have defined the index in the database section:

index objectClass eq

Other indexes follows in the config. All of them working fine.

If I search via ldapsearch like:

ldapsearch -x -h localhost -w password -D"cn=admin,ou=root"
-b"ou=root" "(objectclass=Guest)"

I can find following Message in the syslog (loglevel -1):

Sep  1 14:02:52 LDAP01 slapd[17856]:    EQUALITY
Sep  1 14:02:52 LDAP01 slapd[17856]: => bdb_equality_candidates (objectClass)
Sep  1 14:02:52 LDAP01 slapd[17856]: => key_read
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_index_read: failed (-30989)
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_equality_candidates: id=0,
first=0, last=0
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=0
first=0 last=0
Sep  1 14:02:52 LDAP01 slapd[17856]: => bdb_filter_candidates
Sep  1 14:02:52 LDAP01 slapd[17856]:    EQUALITY
Sep  1 14:02:52 LDAP01 slapd[17856]: => bdb_equality_candidates (objectClass)
Sep  1 14:02:52 LDAP01 slapd[17856]: => key_read
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_index_read 355545 candidates
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_equality_candidates:
id=-1, first=228, last=355772
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=228 last=355772
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_list_candidates: id=-1
first=228 last=355772
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=228 last=355772
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_list_candidates: id=-1
first=112277 last=355755
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=112277 last=355755
Sep  1 14:02:52 LDAP01 slapd[17856]: bdb_search_candidates: id=-1
first=112277 last=355755
Sep  1 14:02:52 LDAP01 slapd[17856]: => test_filter
Sep  1 14:02:52 LDAP01 slapd[17856]:     EQUALITY
Sep  1 14:02:52 LDAP01 slapd[17856]: <= test_filter 5
Sep  1 14:02:52 LDAP01 slapd[17856]: bdb_search: 112277 does not match filter
Sep  1 14:02:52 LDAP01 slapd[17856]: entry_decode: "cn=Aaa,cn=Bbb,...
Sep  1 14:02:52 LDAP01 slapd[17856]: <= entry_decode(cn=Aaa,cn=Bbb,...
Sep  1 14:02:52 LDAP01 slapd[17856]: => bdb_dn2id("cn=aaa,cn=bbb,...
Sep  1 14:02:52 LDAP01 slapd[17856]: <= bdb_dn2id: got id=0x1b696
Sep  1 14:02:52 LDAP01 slapd[17856]: => test_filter
Sep  1 14:02:52 LDAP01 slapd[17856]:     EQUALITY
Sep  1 14:02:52 LDAP01 slapd[17856] ... all other entires following...

As result, the entires are found, but not in the index and the search
takes a very long time.

After this, I have rebuild the complete database via slapcat/slapadd,
rebuild the index via slapindex for objetClass, but nothing helped.

In tried the test above on:
 * OpenSuSE 11.1 and openLDAP 2.4.21 and 2.4.23 (linked against libdb-4.5)
 * OpenSuSE 11.0 and openLDAP 2.4.9 (linked against libdb-4.5)
 * Debian Lenny and openLDAP 2.4.11 (linked against libdb-4.2)

with different databases and a search against a objectClass.

If I try another index (not objectClass) from the slapd.conf the index
works, example:

ldapsearch -x -h localhost -w password -D"cn=admin,ou=root"
-b"ou=root" "(mypk=1234-234)"

Sep  1 14:03:44 LDAP01 slapd[17856]: => bdb_equality_candidates (mypk)
Sep  1 14:03:44 LDAP01 slapd[17856]: => key_read
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_index_read 1 candidates
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_equality_candidates: id=1,
first=112838, last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_list_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_list_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: bdb_search_candidates: id=1
first=112838 last=112838
Sep  1 14:03:44 LDAP01 slapd[17856]: => test_filter
Sep  1 14:03:44 LDAP01 slapd[17856]:     EQUALITY
Sep  1 14:03:44 LDAP01 slapd[17856]: <= test_filter 6
Sep  1 14:03:44 LDAP01 slapd[17856]: => send_search_entry: conn 1002
dn="cn=Fff,cn=Eee,...
Sep  1 14:03:44 LDAP01 slapd[17856]: <= send_search_entry: conn 1002 exit.
Sep  1 14:03:44 LDAP01 slapd[17856]: send_ldap_result: conn=1002 op=1 p=3
Sep  1 14:03:44 LDAP01 slapd[17856]: send_ldap_response: msgid=2 tag=101 err=0
Sep  1 14:03:44 LDAP01 slapd[17856]: connection_get(12): got connid=1002
Sep  1 14:03:44 LDAP01 slapd[17856]: connection_read(12): checking for
input on id=1002
Sep  1 14:03:44 LDAP01 slapd[17856]: op tag 0x42, time 1283342624
Sep  1 14:03:44 LDAP01 slapd[17856]: conn=1002 op=2 do_unbind
Sep  1 14:03:44 LDAP01 slapd[17856]: connection_close: conn=1002 sd=12

Why does only the objectClass index not work?

The only difference I can see, is that all other indexes are based on
"normal" attributes. I don't know, if it is necessary, but for
objectClass I can't find a attribute definition in the schema. In the
core.schema is the attribute definition for objectClass deactivated
(aka #)...


Here is the Config from the LDAP-Server:

# Schema and objectClass definitions
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/yast.schema
include         /etc/openldap/schema/rfc2307bis.schema
include         /etc/openldap/schema/my_ldap_attribute.schema
include         /etc/openldap/schema/my_ldap.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb

sizelimit               -1
timelimit               300
disallow bind_anon

gentlehup on
tool-threads 1


#######################################################################
# bdb database definitions
#######################################################################
database        bdb
suffix          "ou=root"
rootdn          "cn=root,ou=root"

checkpoint  4096 15
rootpw   password
directory       /var/lib/ldap

dbnosync

# Indices to maintain
index objectClass,entryUUID,entryCSN    eq
index mypk,myusername pres,eq
index myproperty,mylanguage eq
index cn eq,sub



Kindly regards Tim Stone

Follow-Ups:
- Re: objectClass index from slapd.conf is not working
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Authenticate to ldap using Kerberos
Next by Date: Re: Authenticate to ldap using Kerberos
Index(es):
- Chronological
- Thread