[Date Prev][Date Next]
Re: indexing question
Thanks very much for the quick reply. I pasted your entries into
our slapd.conf and again it broke authentication (this time it was only
for 5 seconds as I was prepared and switched right back). Does anyone
know why this might be?
Andrew Bacchi wrote:
I use the shotgun approach, I indexed everything in the database. The
slapindex is only necessary if you are doing it while the database is
down (off line). ldapadd will index all new entries.
After I indexed everything, I had no login problems with either speed or
access. Here is indexing from my slapd.conf:
# Indices to maintain
index default eq
index objectClass eq
On Wed, 14 Aug 2002, charlie derr wrote:
On a server that uses pam against our openldap (2.0.23 w/ldbm as the
back end), we have noticed that the output of the "w" command is quite
slow. Currently, the slapd.conf contains only one index directive:
index objectClass eq
In an attempt to address this problem, I added the following line below
index uid eq
and restarted slapd. This did in fact dramatically speed up the output
of the "w" command, but unfortunately it had the side-effect of breaking
authorization (users were unable to ssh in at this point). Removing
the "index uid eq" line from slapd.conf and restarting slapd again
immediately fixed the broken authorization problem.
I am currently reading through the slap.conf and slapindex man pages, as
well as working on setting up a parallel test system (so that in the
future we can be sure of not bringing down network access for our users
when we attempt to change things), but since I've always gotten great
answers on this list, I thought I'd tolerate the RTFM flames and pose my
question here in the hopes that what I've done wrong is patently obvious
and easily explained.
Does anyone know what my error was? Additionally, if I do add another
index directive to slapd.conf am I required to follow that with a
This is a rather small directory (only about one thousand people in it),
and the timeout value in ldap.conf (on the server where "w" runs slowly)
was set to 10 seconds. I don't know if that information is relevant or
not, and of course i'm willing to provide more specifics if needed.