Hi All,
Here's my 11th tip in the "OpenLDAP Quick Tips" series:
"You want to make sure you have the correct indices configured for the best performance":
It's easy to discover when you do not have the correct indices set by checking your ldap log. If you see something similar to:
CODE:
Nov 26 11:10:16 localhost slapd[2957]: conn=17 fd=13 ACCEPT from IP=XXX.XXX.XXX.XXX:38019 (IP=0.0.0.0:389)
Nov 26 11:10:16 localhost slapd[2957]: conn=17 op=0 BIND dn="" method=128
Nov 26 11:10:16 localhost slapd[2957]: conn=17 op=0 RESULT tag=97 err=0 text=
Nov 26 11:10:16 localhost slapd[2957]: conn=17 op=1 SRCH base="dc=suretecsystems,dc=com" scope=2 deref=0 filter="(o=suretec systems ltd.)"
Nov 26 11:10:16 localhost slapd[2957]: <= bdb_equality_candidates: (o) not indexed
Nov 26 11:10:16 localhost slapd[2957]: conn=17 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
Nov 26 11:10:16 localhost slapd[2957]: conn=17 op=2 UNBIND
Nov 26 11:10:16 localhost slapd[2957]: conn=17 fd=13 closed
namely:
CODE:
Nov 26 11:10:16 localhost slapd[2957]: <= bdb_equality_candidates: (o) not indexed
then you have not configured an equality index for the o attribute.
Add index o eq to your slapd.conf, then stop slapd and run slapindex as the user that runs slapd (probably the ldap user). Now start slapd up again.
If you add an index over the LDAP protocol whilst using the slapd config backend, then the index will be created on the fly and you won't need to use slapindex or restart your directory server. Use the following LDIF as your starting point:
CODE:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: o eq
The above assumes you have an hdb backend and that it is configured to hold your directory data as the first database (database 0 holds cn=config). Applying the LDIF with:
CODE:
ldapmodify -D 'cn=config' -W -f newindex.ldif
will show in your logs as:
CODE:
Nov 26 11:57:51 localhost slapd[2957]: conn=27 fd=13 ACCEPT from IP=XXX.XXX.XXX.XXX:45776 (IP=0.0.0.0:389)
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=0 BIND dn="cn=config" method=128
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=0 RESULT tag=97 err=0 text=
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=1 MOD dn="olcDatabase={1}hdb,cn=config"
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=1 MOD attr=olcDbIndex
Nov 26 11:57:51 localhost slapd[2957]: slap_queue_csn: queing 0xa2b4aa52 20081126115751.937214Z#000000#000#000000
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=1 RESULT tag=103 err=0 text=
Nov 26 11:57:51 localhost slapd[2957]: slap_graduate_commit_csn: removing 0x98743b8 20081126115751.937214Z#000000#000#000000
Nov 26 11:57:51 localhost slapd[2957]: conn=27 op=2 UNBIND
Nov 26 11:57:51 localhost slapd[2957]: conn=27 fd=13 closed
and then to confirm by searching for the o attribute again:
CODE:
Nov 26 11:58:25 localhost slapd[2957]: conn=28 fd=19 ACCEPT from IP=XXX.XXX.XXX.XXX:33576 (IP=0.0.0.0:389)
Nov 26 11:58:25 localhost slapd[2957]: conn=28 op=0 BIND dn="" method=128
Nov 26 11:58:25 localhost slapd[2957]: conn=28 op=0 RESULT tag=97 err=0 text=
Nov 26 11:58:25 localhost slapd[2957]: conn=28 op=1 SRCH base="dc=suretecsystems,dc=com" scope=2 deref=0 filter="(o=suretec systems ltd.)"
Nov 26 11:58:25 localhost slapd[2957]: conn=28 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
Nov 26 11:58:25 localhost slapd[2957]: conn=28 op=2 UNBIND
Nov 26 11:58:25 localhost slapd[2957]: conn=28 fd=19 closed
No more complaints about the lack of an index and no restarting slapd!
Thanks,
Gavin.
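As an added example (not part of the original post), the Python script below scans slapd log lines for the "not indexed" message shown above and builds the matching olcDbIndex LDIF. It goes beyond the equality case in the post to cover substring, presence and approx messages as well; the function names and all sample log lines other than the first are constructed for illustration.

```python
import re
from collections import defaultdict

# slapd candidate-function name -> index keyword used in slapd.conf / olcDbIndex
INDEX_KEYWORD = {"equality": "eq", "substring": "sub",
                 "presence": "pres", "approx": "approx"}

# Matches e.g. "<= bdb_equality_candidates: (o) not indexed" (back-mdb logs mdb_...)
NOT_INDEXED = re.compile(
    r"<= (?:bdb|mdb)_(\w+?)_candidates: \(([^)]+)\) not indexed")


def missing_indices(log_lines):
    """Return {attribute: {keyword: hit_count}} for every 'not indexed' message."""
    found = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = NOT_INDEXED.search(line)
        if m and m.group(1) in INDEX_KEYWORD:
            found[m.group(2).lower()][INDEX_KEYWORD[m.group(1)]] += 1
    return {attr: dict(kinds) for attr, kinds in found.items()}


def to_ldif(missing, database_dn):
    """Build one ldapmodify change adding an olcDbIndex value per attribute."""
    lines = [f"dn: {database_dn}", "changetype: modify", "add: olcDbIndex"]
    for attr in sorted(missing):
        lines.append(f"olcDbIndex: {attr} {','.join(sorted(missing[attr]))}")
    return "\n".join(lines) + "\n"


# Constructed sample: the first message is the one from the post, the rest are made up.
SAMPLE_LOG = """\
Nov 26 11:10:16 localhost slapd[2957]: <= bdb_equality_candidates: (o) not indexed
Nov 26 11:12:40 localhost slapd[2957]: <= bdb_substring_candidates: (o) not indexed
Nov 26 11:12:41 localhost slapd[2957]: <= bdb_equality_candidates: (mail) not indexed
Nov 26 11:12:41 localhost slapd[2957]: conn=18 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 26 11:13:02 localhost slapd[2957]: <= bdb_equality_candidates: (mail) not indexed
""".splitlines()

if __name__ == "__main__":
    report = missing_indices(SAMPLE_LOG)
    for attr, kinds in sorted(report.items()):
        print(attr, kinds)  # hit counts show which attributes matter most
    print(to_ldif(report, "olcDatabase={1}hdb,cn=config"), end="")
```

The generated LDIF only reflects what the log complained about, so compare it with the indices already configured on the database before applying it.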
If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.
P.S. For direct access to this section, you can click OpenLDAP Quick Tips.