RE: [nssldap] nss ldap truncates users after turning on indexing in slapd.conf

["Matthew Hardin" <mhardin [at] symas.com>]

Hi Christian,

> -----Original Message-----
> From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On Behalf Of
> Christian Ritter
> Sent: Friday, September 21, 2007 8:42 PM
> To: nssldap@padl.com
> Subject: [nssldap] nss ldap truncates users after turning on indexing in
> slapd.conf
> 
> Hello,
> 
> I have a very strange Problem, we have an ldap server which serves about
> 1500 users.
> I searched the whole web and couldnt find an awnser. ;(
> After we had some performance probelms with our ldap directory I added
> 
> index objectclass             eq
> 
> to our slapd.conf First everything looked fine.
> 
> But now getent passwd only returns 1082 users, and when i remove the
> entry from slapd conf and restart slapd
> i get all 1528 users. Only UIDS from 1010 till 4828 will be returned if
> this option is set.

This is probably more of an LDAP server problem than an nss_ldap problem...

If you add a new index to an existing database you need to run the slapindex
command to generate index entries for the objects that are already in the
db. See the slapindex man page for additional information.

> When i access the ldap directory with other tools i can see all users.

OpenLDAP will choose which indexes to use based on the filters that are
specified in a given search operation. If you specify a search filter that
triggers the use of an incomplete index, you will only get back a partial
result set. At a guess, your 'other tools' use a filter of objectclass=*,
which would use a pres index for objectclass and not an eq index, and since
you probably haven't created a pres index (that's not even a good idea for
the objectclass attribute), no index was used to produce the result set.
Hence you got back a complete set of results.

I hope this helps...

-Matt

Matthew Hardin
Symas Corporation- The LDAP Guys

http://www.symas.com
 
> Kind Regards
> 
> Christian