[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CN must be indexed?

Andrew Bartlett wrote:
Working on the OpenLDAP backend for Samba4, I'm wondering if this is expected:

No, there's no special indexing requirements for any attributes. Indexing is always optional. But of course, performance will suffer as DB sizes grow. It's always recommended to index the "objectclass" attribute, since it's used so frequently in internal searches as well as user searches, but nothing will break without it.

Is 'cn' a special attribute in the OpenLDAP code?  It seems that the
builtin schema definition (or something else) requires that the 'cn'
attribute be indexed with

index cn eq

Otherwise, searches for cn=foo fail, where cn=foo* succeeds...

Sounds like either a corrupt DB, or a bug. If you can provide a test case to reproduce the problem, that'll help. More likely it's a misconfiguration...

I'm using current CVS, and trying to have Samba4 automatically generate
configuration files for OpenLDAP, possibly based on the (AD) schema-data
we will load into the directory.

As such, knowing any (particularly other, similar) OpenLDAP-imposed
constraints will be very useful, so that I can ensure these are met by
the provision-backend script in Samba4.


Andrew Bartlett

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/