
Re: Multiple index for a node



Hi Michael,

thanks for your answers,

On Tue, Oct 03, 2017 at 01:06:59PM +0200, Michael Ströder wrote:
> Ervin Hegedüs wrote:
> > is there any way to use multiple keys for a node in an LDAP tree?
> > 
> > I mean, there are several subtrees:
> > ou=company2,dc=foo,dc=com
> > 
> > and I have to store the users under these subtrees.
> 
> Are these two subtrees within the same database?

yes,

> Or do you have separate databases with the suffixes above?

no, they are in the same db,
 
> Which search base do your LDAP clients use?
> dc=foo,dc=com or ou=companyX,dc=foo,dc=com?

dc=foo,dc=com. The "clients" will be "black-box-like" devices,
like application-level firewalls, access points, etc... I
can set up only one search base DN for one unique LDAP source.

> > Sometimes the users
> > have same names, eg. John Smith, and the nodes will be:
> > 
> > uid=jsmith,ou=company1,dc=foo,dc=com
> > uid=jsmith,ou=company2,dc=foo,dc=com
> > 
> > but any other attributes (sn, cn, ...) are also the same.
> > 
> > How do I set up the indexes?
> 
> I'm not sure whether I really understand your issue.
> 
> An index just speeds up a lookup for a small search candidate set.

yes, I thought so - the records (nodes) in the db will be about
k*100000.
 
> Example:
> 
> Assuming you have a single database with suffix dc=foo,dc=com and
> sub-trees ou=companyX,dc=foo,dc=com:
> 
> index uid eq

that was what I tried,
 
> Using search base dc=foo,dc=com there will be two results returned for
> filter "(uid=jsmith)". But indeed the lookup will be faster because uid
> is indexed.

no, with this index I got 0 results. Without this index I get 2
results.

That was the reason why I asked this question.

Here are the searches:

# ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=foo,dc=com "(&(uid=airween))"
...
# search result
search: 2
result: 0 Success

# numResponses: 1

[no entry]

# grep ^index /etc/ldap/slapd.conf
index           objectClass eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     eq
index   displayName             pres,sub,eq
index   default                 sub
index   uidNumber               eq
index   gidNumber               eq
index   mail,givenName          eq,subinitial
index   dc                      eq


Ok, now I turned off the uid index:

# grep ^index /etc/ldap/slapd.conf
index           objectClass eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   displayName             pres,sub,eq
index   default                 sub
index   uidNumber               eq
index   gidNumber               eq
index   mail,givenName          eq,subinitial
index   dc                      eq


# ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=foo,dc=com "(&(uid=airween))"
...
# airween, ABC Customer, foo.com
dn: uid=airween,ou=ABC Customer,dc=foo,dc=com
cn: airween
sn: airween
uid: airween
uidNumber: 10001
...

# airween, XYZ Customer, foo.com
dn: uid=airween,ou=XYZ Customer,dc=foo,dc=com
uid: airween
uidNumber: 10001
cn: airween
sn: airween
...


> Of course a typical LDAP-based "login" will fail because there are two
> search results returned and therefore the uid->DN mapping is not unique.

sure, that's clear.
 
> In general indexes defined for several assertion attributes used in a
> filter are used. But note that search performance can be worse if you're
> indexing attributes with same values in many entries.

right - I just don't understand why I didn't get the results
when the uid index was turned on.


Thanks again,


a.
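
The uid->DN mapping step discussed in this message, as an added example that is not part of the original mail or of OpenLDAP: a search-then-bind login has to refuse a uid that resolves to more than one DN under the configured search base. The function names are hypothetical, the sample entries are constructed from the output quoted above, and DNs are assumed to contain no escaped commas.

```python
# Constructed sample: the two entries from the message, in ldapsearch output form.
SAMPLE_LDIF = """\
# airween, ABC Customer, foo.com
dn: uid=airween,ou=ABC Customer,dc=foo,dc=com
cn: airween
uid: airween
uidNumber: 10001

# airween, XYZ Customer, foo.com
dn: uid=airween,ou=XYZ Customer,dc=foo,dc=com
uid: airween
uidNumber: 10001
"""

class AmbiguousUser(Exception):
    """Raised when a login name maps to more than one entry."""

def parse_entries(ldif):
    """Parse plain (non-base64, unfolded) LDIF into {attr: [values]} dicts."""
    entries, current = [], {}
    for line in ldif.splitlines():
        if line.startswith("#"):
            continue                      # ldapsearch comment line
        if not line.strip():              # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def rdns(dn):
    # Assumption: no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b

def resolve_login_dn(entries, uid, base):
    """Return the single DN for uid under base, None if absent, else raise."""
    hits = [e["dn"][0] for e in entries
            if in_subtree(e["dn"][0], base)
            and uid.lower() in (v.lower() for v in e.get("uid", []))]
    if len(hits) > 1:
        raise AmbiguousUser(f"{uid!r} matches {len(hits)} entries under {base!r}")
    return hits[0] if hits else None
```

With search base dc=foo,dc=com the lookup for airween raises AmbiguousUser, while a per-customer base such as ou=ABC Customer,dc=foo,dc=com yields exactly one DN.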