[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error - Why?

To: OpenLDAP <openldap-software@OpenLDAP.org>
Subject: Re: Error - Why?
From: John M Beamon <jbeamon@franklinamerican.com>
Date: Wed, 03 Sep 2003 13:01:46 -0500
In-reply-to: <1062599870.26807.14.camel@hopper>
References: <62E24EC675BBE04BBE824B09151B27DC29085E@sdgex02.sd.intuit.com> <8356.208.169.18.3.1062598424.squirrel@www.doublesparks.net> <1062599870.26807.14.camel@hopper>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030727 Thunderbird/0.1

To be a little more verbose... each schema has certain attributes that can be indexed in certain ways: whether two values are equal or unique or whatever. Since you're in Unix, you've probably got a schema/ directory alongside your slapd.conf file. In there, you can 'grep -l <attribute> *' to find the schema file that contains "mail" or "x500uniqueIdentifier", then view that file for a section that looks like this: (from inetorgperson.schema)

objectclass     ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
        DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
        MAY (
                audio $ businessCategory $ carLicense $ departmentNumber $
                displayName $ employeeNumber $ employeeType $ givenName $
                homePhone $ homePostalAddress $ initials $ jpegPhoto $
                labeledURI $ mail $ manager $ mobile $ o $ pager $
                photo $ roomNumber $ secretary $ uid $ userCertificate $
                x500uniqueIdentifier $ preferredLanguage $
                userSMIMECertificate $ userPKCS12 )
        )

or this: (from cosine.schema)
attributetype ( 0.9.2342.19200300.100.1.5
        NAME ( 'drink' 'favouriteDrink' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

Interestingly, "favouriteDrink" can be indexed for equal names or substring matches. Be specific and intentional when you index. Indexing improves performance and search speed in machines that have the extra RAM to maintain the indexes at all. Indexing just everything, however, is not always practical. Anything with "uniqueIdentifier" in the name is not going to require much text matching and string searching; each entry will be unique, as opposed to the 14 people in your department named "John". Hope this helps.

-j

Matt wrote:

What does this error mean?

In my slapd.conf file I have:
# Indices to maintain
index   objectClass,x500uniqueIdentifier,uid,mail,mailAlternateAddress  eq


but when I try to start slapd I get:
[root@ldap openldap]# /usr/local/libexec/slapd
/usr/local/etc/openldap/slapd.conf: line 65: equality index of attribute "x500uniqueIdentifier" disallowed


What does that mean?

References:
- ldapsearch
  - From: "Lopez, Damien" <Damien_Lopez@intuit.com>
- Re: ldapsearch
  - From: "Alan Sparks" <asparks@doublesparks.net>
- Error - Why?
  - From: Matt <openldap@chilitech.com>

Prev by Date: Re: improved migration script to deal with multihomed hosts?
Next by Date: Re: replication credentials
Index(es):
- Chronological
- Thread