Hi @All,
i'am currently searching for a possibility to add an index in openldap (cn=config backend) for the "member" of groups.
In my log i got the following message:
475 admin slapd: <= bdb_equality_candidates: (member) not indexed
I found, that "member" is an attribute from an ldap group.
# Entry 1: cn=bind_users,ou=admins,ou=groups,dc=company,dc=de dn: cn=bind_users,ou=admins,ou=groups,dc=company,dc=de cn: bind_users member: cn=apachebind,ou=apache_technical,ou=users,dc=company,dc=de member: cn=wordpressbind1,ou=wordpress_bind,ou=users,dc=company,dc=de objectclass: groupOfNames objectclass: top
How could i add an index for this attribute?
I searched with google and found:
http://www.openldap.org/faq/data/cache/136.html https://wiki.debian.org/LDAP/OpenLDAPSetup http://www.openldap.org/doc/admin24/slapdconf2.html and so on...
With this information i already added indices for
# Entry 1: olcDatabase={1}hdb,cn=config dn: olcDatabase={1}hdb,cn=config objectclass: olcDatabaseConfig objectclass: olcHdbConfig olcdbindex: objectClass eq olcdbindex: cn pres,sub,eq olcdbindex: sn pres,sub,eq olcdbindex: uid pres,sub,eq olcdbindex: displayName pres,sub,eq olcdbindex: default sub olcdbindex: uidNumber eq olcdbindex: gidNumber eq olcdbindex: mail,givenName eq,subinitial olcdbindex: dc eq
If i try to add a new index "olcdbindex: member pres,sub,eq"
i got an failure
Could not perform ldap_modify operation. LDAP said: Other (e.g., implementation specific) error Error number: 0x50 (LDAP_OTHER)
Is anyone able to give me a hint, where i could find more information or help me to find the right search key words?
Am Donnerstag, 26. Januar 2017 22:17 CET, Axel Birndt towerlexa@gmx.de schrieb:
[...]
If i try to add a new index "olcdbindex: member pres,sub,eq"
i got an failure
Could not perform ldap_modify operation. LDAP said: Other (e.g., implementation specific) error Error number: 0x50 (LDAP_OTHER)
First, how do you try to add that entry? Who reports that error number?
Do you really need pres and sub indices for a dn-syntax atribute? IIRC, sub-indices aren't even allowed for the member attribute. Try to only create a eq-Index.
HTH, Ralf Mattes
Is anyone able to give me a hint, where i could find more information or help me to find the right search key words?
--
Gruß/Kind regards
Axel
Am 26.01.2017 um 22:45 schrieb Ralf Mattes:
Am Donnerstag, 26. Januar 2017 22:17 CET, Axel Birndt towerlexa@gmx.de schrieb:
[...]
If i try to add a new index "olcdbindex: member pres,sub,eq"
i got an failure
Could not perform ldap_modify operation. LDAP said: Other (e.g., implementation specific) error Error number: 0x50 (LDAP_OTHER)
First, how do you try to add that entry? Who reports that error number?
Hi Ralf,
i got the error messages at both ways:
-ldif import -phpldapadmin (because i've no better web interface based tool)
Do you really need pres and sub indices for a dn-syntax atribute? IIRC, sub-indices aren't even allowed for the member attribute. Try to only create a eq-Index.
thank you very much for your explanation. I've read about this within the docu. But until now i don't understand, that the pres and sub setting are interesting, because i don't found the explicit explaining for this, until now!
openldap-technical@openldap.org
-
Axel Birndt -
Ralf Mattes