[Date Prev][Date Next]
Re: Confusion with index
At 03:17 AM 6/6/2001, Todd Lyons wrote:
>Configuring Courier/Qmail/OpenLDAP 2.x. It's working, but lookups are
>very slow, consuming 100% CPU for 10 second bursts. With OpenLDAP 1.x
>it was because I didn't have enough attributes indexed. I was only
>indexing uid,cn,sn,mail. Running slapd in debug mode, I saw that it was
>looking for an attribute mailAlternateAddress, so I added it to the list
>of indexed attributes and lookups were instantaneous with very little
>But with OpenLDAP 2.0, the format of the indices forces you to tell it
>what exactly you want indexed. Not paying attention, when I populated the
>initial 5000 accounts (testing before implementation), I didn't have
>mailAlternateAddress in the list, so the index file didn't get created.
>I added it in so that it looks like this now:
> index cn,sn,uid,mail,mailAlternateAddress pres,eq
> index objectClass eq
>But when I run slapindex, it doesn't create the indices for
>mailAlternateAddress. Is there some other utility that I'm supposed to
>be using to create an index after the rest of the db has been created
>and indexed? In my case, the mailAlternateAddress attribute has no
>value for any of the 5000 accounts I created. I recall you saying that
>an attribute can't exist with no value, so is this why the index is not
>being created or am I doing something wrong?
No. If the attribute is never used in the directory,
than the index file need not be present for that attribute.
>Kurt, I also noticed in your example in the documentation, the
> index uid pres,eq
> index cn,sn,uid pres,eq,approx,sub
> index objectClass eq
>I attempt this config and it reports an error "duplicate index uid,
>ignoring". I remove uid from the second line and it reports an error
>with using approx in the same line. I remove approx and it reports
Sounds like a documentation bug to me.
>When it reports an error like this, does it ignore just
>that attribute, just that index, or the entire line? I'm betting
>it's the entire line since it doesn't complain about the second error,
>only the first one it finds.
I don't recall.
>I also need clarification about ACL's and authentication, but that will
>wait until I get the indexing working properly.
Search on "auth" and "userPassword".
>If you have a URL that
>explains it, that would be appreciated as well. I have "Understanding
>and Deploying LDAP Directory Services", but they don't talk about
>equality, presence, approximate, etc (note that I'm guessing at their
>real names and functions).
Indexing is generally implementation specific, I wouldn't expect
a general LDAP book to cover them.
>Blue skies... Todd
>| Get a bigger hammer! | Are you feeling lucky...punk? |
>| http://www.mrball.net | I've had better days... |
>| http://faq.mrball.net | It's the end of the world as we know i|