Hanspeter Kunz writes:
I want to find all entries in my ldap directory that contain certain ou's, e.g.
ldapsearch -x "(ou:dn:=Administration)"
which returns (in my case) all entries that correspond to administrative staff. The query works but it is slow and puts a high load on the ldap server.
I wonder if I can create an index which would speed things up, but I could not figure out what I should index.
You can't. You can index 'ou', search for each admin OU, and then issue one search request based on each returned DN. The OU filter would be something like (&(ou=Administration)(ou:dn:=Administration)) or maybe (&(ou=Administration)(objectClass=organizationalUnit)(ou:dn:=Administration)).
Remember to drop OU DNs below other returned OU DNs to avoid duplicates, i.e. ou=Administration,ou=foo,ou=Administration,ou=bar,dc=example,dc=com.