[Date Prev][Date Next] [Chronological] [Thread] [Top]

indexing question

On a server that uses pam against our openldap (2.0.23 w/ldbm as the back end), we have noticed that the output of the "w" command is quite slow. Currently, the slapd.conf contains only one index directive:

index objectClass eq

In an attempt to address this problem, I added the following line below that one:

index uid eq

and restarted slapd. This did in fact dramatically speed up the output of the "w" command, but unfortunately it had the side-effect of breaking authorization (users were unable to ssh in at this point). Removing the "index uid eq" line from slapd.conf and restarting slapd again immediately fixed the broken authorization problem.

I am currently reading through the slap.conf and slapindex man pages, as well as working on setting up a parallel test system (so that in the future we can be sure of not bringing down network access for our users when we attempt to change things), but since I've always gotten great answers on this list, I thought I'd tolerate the RTFM flames and pose my question here in the hopes that what I've done wrong is patently obvious and easily explained.

Does anyone know what my error was? Additionally, if I do add another index directive to slapd.conf am I required to follow that with a slapindex command?

This is a rather small directory (only about one thousand people in it), and the timeout value in ldap.conf (on the server where "w" runs slowly) was set to 10 seconds. I don't know if that information is relevant or not, and of course i'm willing to provide more specifics if needed.