
Re: Indexes not building correctly in OpenLDAP 2.0.21?




John Dalbec wrote:
> 
> I'm getting flaky search results from trailing wildcards.  I have 30
> people that should match the first two searches and 33 that should match
> the last two.  I just dumped and reloaded my database
> (slapindex/slapcat/slapadd -c/slapindex).  The LDIF file looks OK.  I'm
> on Red Hat 7.1.  I suspect the indexes are not building correctly.

*sigh* teach me to use GDBM for anything important...
I've converted to BDB 3.3.11 and all appears well, at least for now.
My backend files have grown by a factor of 3, though.
> 
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services' -LLL dn |
> wc -l
>      60
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services' -LLL dn |
> sort | uniq | wc -l
>      31
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services*' -LLL dn |
> wc -l
>      60
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=computer services*' -LLL dn |
> sort | uniq | wc -l
>      28
> (3 people missing, one gets returned 4x)
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services*' -LLL dn |
> wc -l
>      44
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services*' -LLL dn |
> sort | uniq | wc -l
>      23
> (11 people missing)
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services' -LLL dn |
> wc -l
>      66
> [jpdalbec@mail03 perl]$ ldapsearch -x 'ou=*computer services' -LLL dn |
> sort | uniq | wc -l
>      34
> 
> /etc/openldap/slapd.conf:
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include         /etc/openldap/schema/redhat/autofs.schema
> include         /etc/openldap/schema/redhat/kerberosobject.schema
> include         /etc/openldap/schema/ysulocal/eduPerson-schema
> include         /etc/openldap/schema/ysulocal/ysuEduPerson.schema
> 
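> # Define global ACLs to disable default read access.
> # (Note: as written, the rule below grants read access to every client,
> # anonymous included, for anything no earlier access clause matches; it
> # does not disable read access.)
> access to * by * read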
> sasl-secprops none
> sizelimit 50
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
> 
> #pidfile        /var/run/slapd.pid
> #argsfile       /var/run/slapd.args
> 
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile     /var/lib/ldap/master-slapd.replog
> 
> # Load dynamic backend modules:
> # modulepath    /usr/sbin/openldap
> # moduleload    back_ldap.la
> # moduleload    back_ldbm.la
> # moduleload    back_passwd.la
> # moduleload    back_shell.la
> 
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs and running "make slapd.pem".
> TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> database        ldbm
> suffix          "dc=ysu,dc=edu"
> #suffix         "o=My Organization Name,c=US"
> #rootdn         "uid=root@mail03.cc.ysu.edu"
> rootdn          "cn=Manager,dc=ysu,dc=edu"
> #rootdn         "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # rootpw                secret
> # rootpw                {crypt}ijFYNcSNctBYg
> rootpw          *edited*
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory       /var/lib/ldap
> # Indices to maintain
> # index objectClass,uid,uidNumber,gidNumber,memberUid   eq
> # index cn,mail,surname,givenname                       eq,subinitial
> index   objectClass,uid,uidNumber,gidNumber,memberUid,member    pres,eq
> # index cn,sn,givenname,o,ou,mail,telephoneNumber,fax   pres,eq,sub
> # facsimileTelephoneNumber has no equality or substring match defined
> index   cn,sn,givenname,o,ou,mail,telephoneNumber       pres,eq,sub
> index   eduPersonAffiliation,eduPersonPrimaryAffiliation        pres,eq
> index   eduPersonNickname,eduPersonPrincipalName        pres,eq,sub
> index   ysuEduPersonMajor,ysuEduPersonSchool            pres,eq
> index   ysuEduPersonOutlookDept                         pres,eq,sub
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> #       bindmethod=sasl saslmech=GSSAPI
> #       authcId=host/ldap-master.example.com@EXAMPLE.COM
> # ldbm access control definitions
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to attrs=mail,uid
>         by * peername="IP=127\.0\.0\.1" read
>         by * peername="IP=150\.134\.10\.20[123]" read
>         by anonymous search
>         by group="cn=Staff,ou=DNGroups,dc=ysu,dc=edu" read
>         by group="cn=Faculty,ou=DNGroups,dc=ysu,dc=edu" read
>         by * search
> access to attr=entry
>         by * read
> access to *
>         by * peername="IP=127\.0\.0\.1" read
>         by * peername="IP=150\.134\.10\.20[123]" read
>         by anonymous none
>         by group="cn=Staff,ou=DNGroups,dc=ysu,dc=edu" read
>         by group="cn=Faculty,ou=DNGroups,dc=ysu,dc=edu" read
>         by * none