[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: indexing question

Thanks very much for the quick reply. I pasted your entries into our slapd.conf and again it broke authentication (this time it was only for 5 seconds as I was prepared and switched right back). Does anyone know why this might be?

Andrew Bacchi wrote:

I use the shotgun approach, I indexed everything in the database. The slapindex is only necessary if you are doing it while the database is down (off line). ldapadd will index all new entries.

After I indexed everything, I had no login problems with either speed or access. Here is indexing from my slapd.conf:

# Indices to maintain

index default eq
index uid
index sn
index gidNumber
index uidNumber
index gecos
index loginshell
index homeDirectory
index cn
index objectClass eq

On Wed, 14 Aug 2002, charlie derr wrote:

On a server that uses pam against our openldap (2.0.23 w/ldbm as the back end), we have noticed that the output of the "w" command is quite slow. Currently, the slapd.conf contains only one index directive:

index objectClass eq

In an attempt to address this problem, I added the following line below that one:

index uid eq

and restarted slapd. This did in fact dramatically speed up the output of the "w" command, but unfortunately it had the side-effect of breaking authorization (users were unable to ssh in at this point). Removing the "index uid eq" line from slapd.conf and restarting slapd again immediately fixed the broken authorization problem.

I am currently reading through the slap.conf and slapindex man pages, as well as working on setting up a parallel test system (so that in the future we can be sure of not bringing down network access for our users when we attempt to change things), but since I've always gotten great answers on this list, I thought I'd tolerate the RTFM flames and pose my question here in the hopes that what I've done wrong is patently obvious and easily explained.

Does anyone know what my error was? Additionally, if I do add another index directive to slapd.conf am I required to follow that with a slapindex command?

This is a rather small directory (only about one thousand people in it), and the timeout value in ldap.conf (on the server where "w" runs slowly) was set to 10 seconds. I don't know if that information is relevant or not, and of course i'm willing to provide more specifics if needed.