[Date Prev][Date Next] [Chronological] [Thread] [Top]

Index Usage

To: openldap-technical@openldap.org
Subject: Index Usage
From: Paul <paul@ehawaii.gov>
Date: Mon, 20 Dec 2010 12:44:37 -1000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Lightning/1.0b2 Thunderbird/3.1.7

Hi all,

When I started at this job I acquired OpenLDAP based authenticationinfrastructure, which I've pretty much been able to leave to its owndevices without looking under the hood at what's going on. RecentlyI've been noticing that a few minor performance problems I'm having seemto be linked to LDAP so I've started looking at how it's set up and it'sgot some quirks, e.g.


# Indices to maintain
index           entryUUID                       eq
index           cn,sn,uid,displayName           pres,sub,eq
index           uidNumber                       eq
index           gidNumber                       eq
index           memberUid                       eq
index           sambaSID                        eq
index           sambaPrimaryGroupSID            eq
index           sambaDomainName                 eq
index           sambaGroupType                  eq
index           sambaSIDList                    eq
index           sudoUser                        eq
index           uniqueMember,member             eq
index           objectClass                     pres,eq
index           mail,mailAlternateAddress       eq,sub
index           accountStatus                   eq
index           mailHost,deliveryMode           eq
index           Status,HostGroup          eq
index           default                         sub

There are only around 600 users in the ldap tree, hardly anything. Itseems a bit excessive to have that many indexes set up for the tree. Isthere any way to identify which indexes are being used and howfrequently? I'm pretty certain some of those entries probably getchecked once in a blue moon.


I'm also seeing odd entries in the ldap logs:

Dec 20 11:21:17 <server> slapd[11171]: <= bdb_equality_candidates:(objectClass) index_param failed (18)Dec 20 11:21:17 <server> slapd[11171]: <= bdb_equality_candidates:(objectClass) index_param failed (18)Dec 20 11:21:17 <server> slapd[11171]: <= bdb_equality_candidates:(gidNumber) index_param failed (18)

Which seems bizarre given those entries are in the list of indexes.I've tried running slapindex and restarting to no avail. Those itemsstill seem to throw up those alerts, as does the sudoUser entry.

On a separate note I've found the slapcat doesn't produce an LDIF filethat slapadd will use, even keeping to the same version of software(2.3.37), or importing into newer (2.3.43).It always errors after the first entry because it seems to be trying toadd a user to an ou that doesn't exist yet, which disturbs me slightlybecause the backup infrastructure has been relying on that mechanism forrecovery. To create another ldap slave I ended up having to use ApacheDirectory Studio to create the LDIF for import, which slapadd wasperfectly happy to work with. I'm not sure if that may be a known bugthat I'm running up against. I see a few entries in archives relatingto it but not much by way of response other than suggests it should work.


Paul

Follow-Ups:
- Re: Index Usage
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Can't read attribute except as root
Next by Date: Re: Index Usage
Index(es):
- Chronological
- Thread