[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch: wildcard search do not list all entries



On 27.09.2013 15:53, Hallvard Breien Furuseth wrote:
Birgit Ohlenbusch writes:
A wildcard search like
    ldapsearch (...) uid='xyzzs*' uid

lists only three entries:
(...)
     dn: uid=xyzzs146,ou=Accounts,xx
     uid: xyzzs146

     dn: uid=xyzzs147,ou=Accounts,xx
     uid: xyzzs147

     dn: uid=xyzzs148,ou=Accounts,xx
     uid: xyzzs148

though there exists more, which can be displayed with ldapsearch not
specifying a filter or by specifying the object
(...)
Reindexing with slapindex solved the problem, ldapsearch with
uid='xyzzs*' shows all those entries, not only three.  But I'm afraid
that this happens again. Can you tell me how somethink like this can
happen and how I can prevent such a situation?

Your 'uid' index thought only three entries existed in the search scope.
A search without an uid filter worked because it did not use the index.

Maybe you edited slapd.conf and inserted an uid index without running
slapindex.  Thata index would initially be empty, telling slapd there
were no entries matching the filter.  Later you added these three
entries, which did get indexed.

The fix is to always run slapindex after editing the indexes.
Or switch to using cn=config and modify the configuration over the
LDAP protocol, then the attributes get reindexed automatically.


Thankyou for your fast response and explanation.

We are using cn=config and are modifying the index with ldapmodify, so over the LDAP protocoll.
But - what can cause an index getting empty? Maybe a restart of the slapd? Or not optimal settings for the hdb database parameters?

And: Is it possible to check if the index is correct?

Best Regards
Birgit

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature