I set up a simple ldap-backend to maintain our systems userdatabase. After finding loads of entries in my log like:
Jan 22 17:51:10 ihf2 slapd[18454]: <= bdb_equality_candidates: (uid) index_param failed (18)
I looked up the docs and found that this is cause no proper index for uid is defined.
So I setup a index in slapd.conf
index uid eq
Now there are no such messages in my logs again, but ldap-search does not work anymore !!! And all applications that rely on ldap (postfix, cyrus, nss, pam ..) dont work proper anymore.
As soon as I remove the index, everything is working fine again. This is very strange to me. The proper index-file is created in my ldap-directory: uid.bdb when slapd is started, so I dont think I need to manually create the index after setting an index to an already existing ldap-datebase. I also didnt find anything in the docs about creating an index mannually.
example: without the uid-index:
$ldapsearch -x uid=peter mail
# extended LDIF # # LDAPv3 # base <> with scope sub # filter: uid=peter # requesting: mail #
# peter, user, ihf.local dn: uid=peter,ou=user,dc=ihf,dc=local mail: pilsl@ihf-hr.org
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
and now with the index active:
$ldapsearch -x uid=peter mail
# extended LDIF # # LDAPv3 # base <> with scope sub # filter: uid=peter # requesting: mail #
# search result search: 2 result: 0 Success
# numResponses: 1
--------------------------------------------
my slapd.conf:
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/samba.schema include /etc/ldap/schema/mail.schema schemacheck on pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd.args loglevel 2048 modulepath /usr/lib/ldap moduleload back_bdb backend bdb checkpoint 512 30 database bdb suffix "dc=ihf,dc=local" directory "/data/ldap/ihf" index objectClass eq lastmod on rootdn "cn=ldapadmin,dc=ihf,dc=local" rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxx Access to * by * read access to attr=userPassword,userPKCS12 by self write by * auth access to attr=shadowLastChange by self write by * read access to * by * read access to dn.base="" by * read access to * by dn="cn=ldapadmin,dc=ihf,dc=local" write by self write by * read
thnx for any idea, peter
ps: I use slapd 2.2.26 on a ubuntu 6.10-machine
peter pilsl wrote:
I set up a simple ldap-backend to maintain our systems userdatabase. After finding loads of entries in my log like:
Jan 22 17:51:10 ihf2 slapd[18454]: <= bdb_equality_candidates: (uid) index_param failed (18)
I looked up the docs and found that this is cause no proper index for uid is defined.
So I setup a index in slapd.conf
index uid eq
Now there are no such messages in my logs again, but ldap-search does not work anymore !!! And all applications that rely on ldap (postfix, cyrus, nss, pam ..) dont work proper anymore.
As soon as I remove the index, everything is working fine again. This is very strange to me. The proper index-file is created in my ldap-directory: uid.bdb when slapd is started, so I dont think I need to manually create the index after setting an index to an already existing ldap-datebase. I also didnt find anything in the docs about creating an index mannually.
That's funny. In slapd-bdb( 5 ) I see: index {<attrlist>|default} [pres,eq,approx,sub,<special>] Specify the indexes to maintain for the given attribute (or list of attributes). .... Note: changing index settings requires rebuilding indices, see slapindex(8).
ps: I use slapd 2.2.26 on a ubuntu 6.10-machine
You're almost 2 years out of date. Current stable release is 2.3.32. There are good reasons to upgrade, including the ability to configure things at runtime (without server restarts) and have index changes generated automatically.
Howard Chu wrote:
when slapd is started, so I dont think I need to manually create the index after setting an index to an already existing ldap-datebase. I also didnt find anything in the docs about creating an index mannually.
That's funny. In slapd-bdb( 5 ) I see: index {<attrlist>|default} [pres,eq,approx,sub,<special>] Specify the indexes to maintain for the given attribute (or list of attributes). .... Note: changing index settings requires rebuilding indices, see slapindex(8).
thnx. thats it. Dont know why I didnt see that. I read this man-page before asking. I'm completely new to ldap and I'm very confused with loads of things, and seems I was focused on keywords like "reindex" ..
ps: I use slapd 2.2.26 on a ubuntu 6.10-machine
You're almost 2 years out of date. Current stable release is 2.3.32. There are good reasons to upgrade, including the ability to configure things at runtime (without server restarts) and have index changes generated automatically.
I told the newest ubuntu to install ldap and thats what I got. Seems I got something old ... As soon as everything works here I'll upgrade and run into loads of upgrade-troubles ;)
thnx peter
openldap-software@openldap.org
-
Howard Chu -
peter pilsl