
Re: Indexing, use of slapindex



Hi Buchan,

Thank you very much for your extensive information.

I have done as you said: inserted

 olcDbIndex: uidNumber eq
 olcDbIndex: gidNumber eq

in the cn=config/olcDatabase={2}bdb, ... subtree and from then on, no more "bad equality candidates (uidNumber)" nor "bad equality candidates (gidNumber)" in the slapd-log.

For such changes, we have a web application accessible at http://ldapadmin.ayni.com
if you want to take a look at it.

The idea that I can put slapd into read-only mode stems from "man slapindex", where it says:
<snip>
LIMITATIONS
Your slapd(8) should not be running (at least, not in read-write mode)
       when you do this to ensure consistency of the database.
</snip>

Thanks again.

suomi

On 2011-08-22 14:35, Buchan Milne wrote:
> On Friday, 19 August 2011 11:27:03 anax wrote:
>> Hi listers
>>
>> Installation here:
>> openldap-servers-2.4.15-7.fc11.i586
>>
>> One master server, two backup servers (syncrepl).
>>
>> All authentication and mailing is managed by ldap.
>>
>>
>> 1. About indexing:
>>
>> When I check the slapd-log, I see many
>>
>> <= bdb_equality_candidates: (uidNumber) not indexed
>>
>> <= bdb_equality_candidates: (gidNumber) not indexed
>>
>> In the discussion about slapd tuning
>> http://www.openldap.org/doc/admin24/tuning.html#Indexes, however, I read
>> that if each entry in a certain set of ldap-entries has got the
>> candidate-attribute, it is not worthwhile to index the attribute,
>> because slapd needs to read each entry in any case in order to find the
>> requested one.
>
> This discussion you quote is about 'presence' indexing.
>
>> This is the case for uidNumber as well as gidNumber,
>> because both are compulsory attributes for objectClass posixAccount.
>>
>> My first question:
>> is it therefore correct to disregard the above indexing requests of slapd?
>
> It is useful to do 'eq' indexing of uidNumber and gidNumber, you shouldn't
> quote stuff out of context (and also try and understand it ...).
>
>> 2. About slapindex:
>>
>> When it comes to using slapindex, the docu is not clear about how to do
>> that. Some places say that you need to stop slapd entirely,
>
> In the case of using a static (slapd.conf) configuration.
>
>> some places
>> say that it is sufficient to put slapd in read-only mode for the
>> corresponding background database,
>
> This has never been an option. You could have provided a reference to the
> documentation in question.
>
>> which in this case would be
>> /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb.ldif
>> this file contains both the olcReadOnly and the olcDbIndex attributes.
>
> You should never actually consider these as files, they aren't for editing
> with an editor, this is only the backend store of the cn=config database. You
> should modify these values just like you modify entries in other databases -
> over the LDAP protocol.
>
>> So I could just add the following two lines in the above file:
>> olcDbIndex: uidNumber eq
>> olcDbIndex: gidNumber eq
>> set the olcReadOnly attribute to TRUE, and restart slapd, and everything
>> would be done automatically?
>
> No, in back-config/cn=config configuration, it is sufficient to add the
> olcDBIndex values with e.g. ldapmodify.
>
> Why is it sufficient?  If you do it over the wire, slapd can see what has
> changed, and can start creating a new index for you.
>
>> Or would I need to invoke slapindex additionally with the following command
>> slapindex -c
>
> This is only applicable/necessary if using slapd.conf.
>
>> Would the new indexes be propagated to the backup servers by syncrepl
>> automatically?
>
> No.
>
>> If not, what would I have to change on the backup servers?
>
> You should apply the applicable configuration change.
>
> Regards,
> Buchan
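
The procedure discussed in this thread, as an added example that is not part of the original messages: a shell sketch that turns slapd's "not indexed" log hints into an LDIF modify for the cn=config database, to be applied over LDAP on the master and on each syncrepl replica. The function names, the sample log lines (timestamps, host name), the log path and the use of SASL EXTERNAL over ldapi are assumptions; the database DN is the one named in the thread.

```shell
#!/bin/sh
# Added example: derive olcDbIndex additions from slapd's "not indexed" hints.

# Database DN as named in the thread; adjust for your own cn=config layout.
DB_DN='olcDatabase={2}bdb,cn=config'

# Read slapd log text on stdin and print the unique attribute names that
# bdb_equality_candidates reported as "not indexed".
unindexed_eq_attrs() {
    sed -n 's/.*bdb_equality_candidates: (\([A-Za-z][A-Za-z0-9;-]*\)) not indexed.*/\1/p' | sort -u
}

# Turn those names into one LDIF modify that adds an "eq" index for each.
gen_index_ldif() {
    attrs=$(unindexed_eq_attrs)
    [ -n "$attrs" ] || return 1      # no hints in the log: emit no LDIF
    printf 'dn: %s\nchangetype: modify\nadd: olcDbIndex\n' "$DB_DN"
    for a in $attrs; do
        printf 'olcDbIndex: %s eq\n' "$a"
    done
}

# Constructed sample log lines (message format taken from the thread).
sample_log() {
    cat <<'EOF'
Aug 19 11:20:01 ldap1 slapd[2211]: <= bdb_equality_candidates: (uidNumber) not indexed
Aug 19 11:20:01 ldap1 slapd[2211]: <= bdb_equality_candidates: (gidNumber) not indexed
Aug 19 11:20:02 ldap1 slapd[2211]: conn=1002 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 19 11:20:05 ldap1 slapd[2211]: <= bdb_equality_candidates: (uidNumber) not indexed
EOF
}

# Print the LDIF for the sample; nothing is sent to a server here.
sample_log | gen_index_ldif

# To apply on each server (master and every replica), assuming root access
# over the local ldapi socket and a log at /var/log/slapd.log:
#   gen_index_ldif < /var/log/slapd.log | ldapmodify -Y EXTERNAL -H ldapi:///
```

If one of the generated values already exists on the database entry, ldapmodify rejects the whole modify with "Type or value exists", so review the LDIF against the current olcDbIndex values before applying it.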