[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Confusion with index

At 03:17 AM 6/6/2001, Todd Lyons wrote:
>Configuring Courier/Qmail/OpenLDAP 2.x.  It's working, but lookups are
>very slow, consuming 100% CPU for 10 second bursts.  With OpenLDAP 1.x
>it was because I didn't have enough attributes indexed.  I was only
>indexing uid,cn,sn,mail.  Running slapd in debug mode, I saw that it was
>looking for an attribute mailAlternateAddress, so I added it to the list
>of indexed attributes and lookups were instantaneous with very little
>CPU consumption.
>But with OpenLDAP 2.0, the format of the indices forces you to tell it
>what exactly you want indexed.  Not paying attention, when I populated the
>initial 5000 accounts (testing before implementation), I didn't have
>mailAlternateAddress in the list, so the index file didn't get created.  
>I added it in so that it looks like this now:
>   index cn,sn,uid,mail,mailAlternateAddress pres,eq
>   index objectClass eq 
>But when I run slapindex, it doesn't create the indices for 
>mailAlternateAddress.  Is there some other utility that I'm supposed to
>be using to create an index after the rest of the db has been created
>and indexed?  In my case, the mailAlternateAddress attribute has no
>value for any of the 5000 accounts I created.  I recall you saying that
>an attribute can't exist with no value, so is this why the index is not
>being created or am I doing something wrong?

No.  If the attribute is never used in the directory,
than the index file need not be present for that attribute.

>Kurt, I also noticed in your example in the documentation, the
>   index uid pres,eq
>   index cn,sn,uid pres,eq,approx,sub
>   index objectClass eq
>I attempt this config and it reports an error "duplicate index uid,
>ignoring".  I remove uid from the second line and it reports an error 
>with using approx in the same line.  I remove approx and it reports 
>no errors.

Sounds like a documentation bug to me.

>When it reports an error like this, does it ignore just 
>that attribute, just that index, or the entire line?  I'm betting 
>it's the entire line since it doesn't complain about the second error,
>only the first one it finds.

I don't recall. 

>I also need clarification about ACL's and authentication, but that will
>wait until I get the indexing working properly.

Search on "auth" and "userPassword".

>If you have a URL that
>explains it, that would be appreciated as well.  I have "Understanding
>and Deploying LDAP Directory Services", but they don't talk about
>equality, presence, approximate, etc (note that I'm guessing at their
>real names and functions).

Indexing is generally implementation specific, I wouldn't expect
a general LDAP book to cover them.

>Blue skies...           Todd
>| Get a bigger hammer!   |  Are you feeling lucky...punk?         |
>| http://www.mrball.net  |  I've had better days...               |
>| http://faq.mrball.net  |  It's the end of the world as we know i|