[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: indexing question



I use the shotgun approach, I indexed everything in the database.  The 
slapindex is only necessary if you are doing it while the database is 
down (off line).  ldapadd will index all new entries.

After I indexed everything, I had no login problems with either speed or 
access.  Here is indexing from my slapd.conf:

# Indices to maintain

index default eq
index uid
index sn
index gidNumber
index uidNumber
index gecos
index loginshell
index homeDirectory
index cn
index objectClass eq


On Wed, 14 Aug 2002, charlie derr wrote:

> On a server that uses pam against our openldap (2.0.23 w/ldbm as the 
> back end), we have noticed that the output of the "w" command is quite 
> slow.  Currently, the slapd.conf contains only one index directive:
> 
> index objectClass eq
> 
> In an attempt to address this problem, I added the following line below 
> that one:
> 
> index uid eq
> 
> and restarted slapd.   This did in fact dramatically speed up the output 
> of the "w" command, but unfortunately it had the side-effect of breaking 
> authorization (users were unable to ssh in at this point).   Removing 
> the "index uid eq" line from slapd.conf and restarting slapd again 
> immediately fixed the broken authorization problem.
> 
> I am currently reading through the slap.conf and slapindex man pages, as 
> well as working on setting up a parallel test system (so that in the 
> future we can be sure of not bringing down network access for our users 
> when we attempt to change things), but since I've always gotten great 
> answers on this list, I thought I'd tolerate the RTFM flames and pose my 
> question here in the hopes that what I've done wrong is patently obvious 
> and easily explained.    
> 
> 
> Does anyone know what my error was?  Additionally, if I do add another 
> index directive to slapd.conf am I required to follow that with a 
> slapindex command?    
> 
> This is a rather small directory (only about one thousand people in it), 
> and the timeout value in ldap.conf (on the server where "w" runs slowly) 
> was set to 10 seconds.  I don't know if that information is relevant or 
> not, and of course i'm willing to provide more specifics if needed.
> 
>     ~c
> 
> 

-- 
Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/