[Date Prev][Date Next] [Chronological] [Thread] [Top]

Confusion with index

Configuring Courier/Qmail/OpenLDAP 2.x.  It's working, but lookups are
very slow, consuming 100% CPU for 10 second bursts.  With OpenLDAP 1.x
it was because I didn't have enough attributes indexed.  I was only
indexing uid,cn,sn,mail.  Running slapd in debug mode, I saw that it was
looking for an attribute mailAlternateAddress, so I added it to the list
of indexed attributes and lookups were instantaneous with very little
CPU consumption.

But with OpenLDAP 2.0, the format of the indices forces you to tell it
what exactly you want indexed.  Not paying attention, when I populated the
initial 5000 accounts (testing before implementation), I didn't have
mailAlternateAddress in the list, so the index file didn't get created.  
I added it in so that it looks like this now:
   index cn,sn,uid,mail,mailAlternateAddress pres,eq
   index objectClass eq 
But when I run slapindex, it doesn't create the indices for 
mailAlternateAddress.  Is there some other utility that I'm supposed to
be using to create an index after the rest of the db has been created
and indexed?  In my case, the mailAlternateAddress attribute has no
value for any of the 5000 accounts I created.  I recall you saying that
an attribute can't exist with no value, so is this why the index is not
being created or am I doing something wrong?

Kurt, I also noticed in your example in the documentation, the
   index uid pres,eq
   index cn,sn,uid pres,eq,approx,sub
   index objectClass eq
I attempt this config and it reports an error "duplicate index uid,
ignoring".  I remove uid from the second line and it reports an error 
with using approx in the same line.  I remove approx and it reports 
no errors.  When it reports an error like this, does it ignore just 
that attribute, just that index, or the entire line?  I'm betting 
it's the entire line since it doesn't complain about the second error,
only the first one it finds.

I also need clarification about ACL's and authentication, but that will
wait until I get the indexing working properly.  If you have a URL that
explains it, that would be appreciated as well.  I have "Understanding
and Deploying LDAP Directory Services", but they don't talk about
equality, presence, approximate, etc (note that I'm guessing at their
real names and functions).
Blue skies...		Todd
| Get a bigger hammer!   |  Are you feeling lucky...punk?         |
| http://www.mrball.net  |  I've had better days...               |
| http://faq.mrball.net  |  It's the end of the world as we know i|