Hello,
I've a strange behavior while using index objectClass for searching.
In my slapd.conf I have defined the index in the database section:
index objectClass eq
Other indexes follows in the config. All of them working fine.
If I search via ldapsearch like:
ldapsearch -x -h localhost -w password -D"cn=admin,ou=root"
-b"ou=root" "(objectclass=Guest)"
I can find following Message in the syslog (loglevel -1):
Sep 1 14:02:52 LDAP01 slapd[17856]: EQUALITY
Sep 1 14:02:52 LDAP01 slapd[17856]: => bdb_equality_candidates (objectClass)
Sep 1 14:02:52 LDAP01 slapd[17856]: => key_read
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_index_read: failed (-30989)
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_equality_candidates: id=0,
first=0, last=0
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=0
first=0 last=0
Sep 1 14:02:52 LDAP01 slapd[17856]: => bdb_filter_candidates
Sep 1 14:02:52 LDAP01 slapd[17856]: EQUALITY
Sep 1 14:02:52 LDAP01 slapd[17856]: => bdb_equality_candidates (objectClass)
Sep 1 14:02:52 LDAP01 slapd[17856]: => key_read
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_index_read 355545 candidates
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_equality_candidates:
id=-1, first=228, last=355772
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=228 last=355772
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_list_candidates: id=-1
first=228 last=355772
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=228 last=355772
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_list_candidates: id=-1
first=112277 last=355755
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=-1
first=112277 last=355755
Sep 1 14:02:52 LDAP01 slapd[17856]: bdb_search_candidates: id=-1
first=112277 last=355755
Sep 1 14:02:52 LDAP01 slapd[17856]: => test_filter
Sep 1 14:02:52 LDAP01 slapd[17856]: EQUALITY
Sep 1 14:02:52 LDAP01 slapd[17856]: <= test_filter 5
Sep 1 14:02:52 LDAP01 slapd[17856]: bdb_search: 112277 does not match filter
Sep 1 14:02:52 LDAP01 slapd[17856]: entry_decode: "cn=Aaa,cn=Bbb,...
Sep 1 14:02:52 LDAP01 slapd[17856]: <= entry_decode(cn=Aaa,cn=Bbb,...
Sep 1 14:02:52 LDAP01 slapd[17856]: => bdb_dn2id("cn=aaa,cn=bbb,...
Sep 1 14:02:52 LDAP01 slapd[17856]: <= bdb_dn2id: got id=0x1b696
Sep 1 14:02:52 LDAP01 slapd[17856]: => test_filter
Sep 1 14:02:52 LDAP01 slapd[17856]: EQUALITY
Sep 1 14:02:52 LDAP01 slapd[17856] ... all other entires following...
As result, the entires are found, but not in the index and the search
takes a very long time.
After this, I have rebuild the complete database via slapcat/slapadd,
rebuild the index via slapindex for objetClass, but nothing helped.
In tried the test above on:
* OpenSuSE 11.1 and openLDAP 2.4.21 and 2.4.23 (linked against libdb-4.5)
* OpenSuSE 11.0 and openLDAP 2.4.9 (linked against libdb-4.5)
* Debian Lenny and openLDAP 2.4.11 (linked against libdb-4.2)
with different databases and a search against a objectClass.
If I try another index (not objectClass) from the slapd.conf the index
works, example:
ldapsearch -x -h localhost -w password -D"cn=admin,ou=root"
-b"ou=root" "(mypk=1234-234)"
Sep 1 14:03:44 LDAP01 slapd[17856]: => bdb_equality_candidates (mypk)
Sep 1 14:03:44 LDAP01 slapd[17856]: => key_read
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_index_read 1 candidates
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_equality_candidates: id=1,
first=112838, last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_list_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_list_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: <= bdb_filter_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: bdb_search_candidates: id=1
first=112838 last=112838
Sep 1 14:03:44 LDAP01 slapd[17856]: => test_filter
Sep 1 14:03:44 LDAP01 slapd[17856]: EQUALITY
Sep 1 14:03:44 LDAP01 slapd[17856]: <= test_filter 6
Sep 1 14:03:44 LDAP01 slapd[17856]: => send_search_entry: conn 1002
dn="cn=Fff,cn=Eee,...
Sep 1 14:03:44 LDAP01 slapd[17856]: <= send_search_entry: conn 1002 exit.
Sep 1 14:03:44 LDAP01 slapd[17856]: send_ldap_result: conn=1002 op=1 p=3
Sep 1 14:03:44 LDAP01 slapd[17856]: send_ldap_response: msgid=2 tag=101 err=0
Sep 1 14:03:44 LDAP01 slapd[17856]: connection_get(12): got connid=1002
Sep 1 14:03:44 LDAP01 slapd[17856]: connection_read(12): checking for
input on id=1002
Sep 1 14:03:44 LDAP01 slapd[17856]: op tag 0x42, time 1283342624
Sep 1 14:03:44 LDAP01 slapd[17856]: conn=1002 op=2 do_unbind
Sep 1 14:03:44 LDAP01 slapd[17856]: connection_close: conn=1002 sd=12
Why does only the objectClass index not work?
The only difference I can see, is that all other indexes are based on
"normal" attributes. I don't know, if it is necessary, but for
objectClass I can't find a attribute definition in the schema. In the
core.schema is the attribute definition for objectClass deactivated
(aka #)...
Here is the Config from the LDAP-Server:
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/my_ldap_attribute.schema
include /etc/openldap/schema/my_ldap.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit -1
timelimit 300
disallow bind_anon
gentlehup on
tool-threads 1
#######################################################################
# bdb database definitions
#######################################################################
database bdb
suffix "ou=root"
rootdn "cn=root,ou=root"
checkpoint 4096 15
rootpw password
directory /var/lib/ldap
dbnosync
# Indices to maintain
index objectClass,entryUUID,entryCSN eq
index mypk,myusername pres,eq
index myproperty,mylanguage eq
index cn eq,sub
Kindly regards Tim Stone