Re: Indexes not building correctly in OpenLDAP 2.0.21?
John Dalbec wrote:
>
> I'm getting flaky search results from trailing wildcards. I have 30
> people that should match the first two searches and 33 that should match
> the last two. I just dumped and reloaded my database
> (slapindex/slapcat/slapadd -c/slapindex). The LDIF file looks OK. I'm
> on Red Hat 7.1. I suspect the indexes are not building correctly.
*sigh* teach me to use GDBM for anything important...
I've converted to BDB 3.3.11 and all appears well, at least for now.
My backend files have grown by a factor of 3, though.
>
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services' -LLL dn | wc -l
> 60
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services' -LLL dn | sort | uniq | wc -l
> 31
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services*' -LLL dn | wc -l
> 60
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services*' -LLL dn | sort | uniq | wc -l
> 28
> (3 people missing, one gets returned 4x)
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services*' -LLL dn | wc -l
> 44
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services*' -LLL dn | sort | uniq | wc -l
> 23
> (11 people missing)
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services' -LLL dn | wc -l
> 66
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services' -LLL dn | sort | uniq | wc -l
> 34
>
> /etc/openldap/slapd.conf:
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include /etc/openldap/schema/redhat/autofs.schema
> include /etc/openldap/schema/redhat/kerberosobject.schema
> include /etc/openldap/schema/ysulocal/eduPerson-schema
> include /etc/openldap/schema/ysulocal/ysuEduPerson.schema
>
> # Define global ACLs to disable default read access.
> access to * by * read
> sasl-secprops none
> sizelimit 50
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> #pidfile /var/run/slapd.pid
> #argsfile /var/run/slapd.args
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile /var/lib/ldap/master-slapd.replog
>
> # Load dynamic backend modules:
> # modulepath /usr/sbin/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs and running "make slapd.pem".
> TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=ysu,dc=edu"
> #suffix "o=My Organization Name,c=US"
> #rootdn "uid=root@mail03.cc.ysu.edu"
> rootdn "cn=Manager,dc=ysu,dc=edu"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # rootpw secret
> # rootpw {crypt}ijFYNcSNctBYg
> rootpw *edited*
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
> # Indices to maintain
> # index objectClass,uid,uidNumber,gidNumber,memberUid eq
> # index cn,mail,surname,givenname eq,subinitial
> index objectClass,uid,uidNumber,gidNumber,memberUid,member pres,eq
> # index cn,sn,givenname,o,ou,mail,telephoneNumber,fax pres,eq,sub
> # facsimileTelephoneNumber has no equality or substring match defined
> index cn,sn,givenname,o,ou,mail,telephoneNumber pres,eq,sub
> index eduPersonAffiliation,eduPersonPrimaryAffiliation pres,eq
> index eduPersonNickname,eduPersonPrincipalName pres,eq,sub
> index ysuEduPersonMajor,ysuEduPersonSchool pres,eq
> index ysuEduPersonOutlookDept pres,eq,sub
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> # bindmethod=sasl saslmech=GSSAPI
> # authcId=host/ldap-master.example.com@EXAMPLE.COM
> # ldbm access control definitions
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to attrs=mail,uid
>         by * peername="IP=127\.0\.0\.1" read
>         by * peername="IP=150\.134\.10\.20[123]" read
>         by anonymous search
>         by group="cn=Staff,ou=DNGroups,dc=ysu,dc=edu" read
>         by group="cn=Faculty,ou=DNGroups,dc=ysu,dc=edu" read
>         by * search
> access to attr=entry
>         by * read
> access to *
>         by * peername="IP=127\.0\.0\.1" read
>         by * peername="IP=150\.134\.10\.20[123]" read
>         by anonymous none
>         by group="cn=Staff,ou=DNGroups,dc=ysu,dc=edu" read
>         by group="cn=Faculty,ou=DNGroups,dc=ysu,dc=edu" read
>         by * none
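
The comparison the quoted session does by eye with `sort | uniq | wc -l`, as an added example that is not part of the original post: it parses saved `ldapsearch -LLL ... dn` output per filter, reports DNs returned more than once, and reports entries that match a narrower filter but are absent from a wider one (an equality match must also match the trailing-wildcard filter, and so on). The DNs under `dc=example,dc=com` are constructed sample data, and lowercasing DNs for comparison is a simplifying assumption.

```python
import base64
from collections import Counter

def parse_dns(ldif_text):
    """Return every DN (duplicates kept) found in `ldapsearch -LLL ... dn` output."""
    # LDIF folds long lines as newline + one space; unfold before parsing.
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    dns = []
    for line in unfolded.split("\n"):
        if line.startswith("dn:: "):      # base64-encoded DN
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    # Assumption: lowercasing is enough normalisation to compare these DNs.
    return [dn.strip().lower() for dn in dns]

def check(results, subset_pairs):
    """results maps filter -> LDIF text; each (narrow, wide) pair asserts that
    every entry matching `narrow` must also match `wide`."""
    findings, sets = [], {}
    for flt, text in results.items():
        counts = Counter(parse_dns(text))
        sets[flt] = set(counts)
        for dn, n in sorted(counts.items()):
            if n > 1:
                findings.append(("duplicate", flt, dn, n))
    for narrow, wide in subset_pairs:
        for dn in sorted(sets[narrow] - sets[wide]):
            findings.append(("missing", wide, dn, narrow))
    return findings

def ldif(*uids):
    # Constructed sample output, not data from the post.
    return "".join(f"dn: uid={u},ou=People,dc=example,dc=com\n\n" for u in uids)

EQ, TRAIL, BOTH = "ou=computer services", "ou=computer services*", "ou=*computer services*"
SAMPLE = {EQ: ldif("a", "b", "c"), TRAIL: ldif("a", "a", "b"), BOTH: ldif("a", "b", "c", "d")}
PAIRS = [(EQ, TRAIL), (TRAIL, BOTH), (EQ, BOTH)]

if __name__ == "__main__":
    for finding in check(SAMPLE, PAIRS):
        print(finding)
```

Result sets are only comparable when each search stays under the server's size limit (`sizelimit 50` in the quoted slapd.conf); a truncated search would show up here as missing entries.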