Re: [nssldap] nss ldap truncates users after turning on indexing in slapd.conf



Hi Matthew,

Thank you very much, after using slapindex now everything works fine.
I was totally confused that other tools could see all entries and
nss_ldap not,
that's why I didn't think about using slapindex.

Thanks for saving my weekend ;)

Christian


Matthew Hardin wrote:
> Hi Christian,
>
>   
>> -----Original Message-----
>> From: owner-nssldap@padl.com [owner-nssldap [at] padl.com] On Behalf Of
>> Christian Ritter
>> Sent: Friday, September 21, 2007 8:42 PM
>> To: nssldap@padl.com
>> Subject: [nssldap] nss ldap truncates users after turning on indexing in
>> slapd.conf
>>
>> Hello,
>>
>> I have a very strange problem: we have an ldap server which serves about
>> 1500 users.
>> I searched the whole web and couldn't find an answer. ;(
>> After we had some performance problems with our ldap directory I added
>>
>> index objectclass             eq
>>
>> to our slapd.conf. At first everything looked fine.
>>
>> But now getent passwd only returns 1082 users, and when I remove the
>> entry from slapd.conf and restart slapd
>> I get all 1528 users. Only UIDs from 1010 till 4828 will be returned if
>> this option is set.
>>     
>
> This is probably more of an LDAP server problem than an nss_ldap problem...
>
> If you add a new index to an existing database you need to run the slapindex
> command to generate index entries for the objects that are already in the
> db. See the slapindex man page for additional information.
>
>   
>> When I access the ldap directory with other tools I can see all users.
>>     
>
> OpenLDAP will choose which indexes to use based on the filters that are
> specified in a given search operation. If you specify a search filter that
> triggers the use of an incomplete index, you will only get back a partial
> result set. At a guess, your 'other tools' use a filter of objectclass=*,
> which would use a pres index for objectclass and not an eq index, and since
> you probably haven't created a pres index (that's not even a good idea for
> the objectclass attribute), no index was used to produce the result set.
> Hence you got back a complete set of results.
>
> I hope this helps...
>
> -Matt
>
> Matthew Hardin
> Symas Corporation- The LDAP Guys
>
> http://www.symas.com
>  
>   
>> Kind Regards
>>
>> Christian
>>     
>
>
>
>
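The behaviour Matt describes, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified in-memory model of an eq index that is only maintained on writes, so an equality search trusts an incomplete index while a presence search scans everything. The Directory class, its method names, the posixAccount value and the split of which entries were written before the index was configured are assumptions; the counts are constructed to match the 1082 and 1528 in the thread.

```python
class Directory:
    def __init__(self):
        self.entries = {}     # entry id -> {attribute: set of values}
        self.indexed = set()  # attributes with an "eq" index configured
        self.eq_index = {}    # (attribute, value) -> set of entry ids

    def _index_entry(self, eid):
        for attr in self.indexed:
            for value in self.entries[eid].get(attr, ()):
                self.eq_index.setdefault((attr, value), set()).add(eid)

    def add(self, eid, attrs):
        # A write updates the configured indexes for the written entry only.
        self.entries[eid] = {a: set(v) for a, v in attrs.items()}
        self._index_entry(eid)

    def configure_eq_index(self, attr):
        # Models adding "index objectclass eq" and restarting the server:
        # entries already stored are NOT indexed retroactively.
        self.indexed.add(attr)

    def reindex(self):
        # Models slapindex: rebuild the index from every stored entry.
        self.eq_index.clear()
        for eid in self.entries:
            self._index_entry(eid)

    def search_eq(self, attr, value):
        # Equality filter: a configured index supplies the candidate list.
        if attr in self.indexed:
            return sorted(self.eq_index.get((attr, value), set()))
        return sorted(e for e, a in self.entries.items()
                      if value in a.get(attr, ()))

    def search_present(self, attr):
        # Presence filter (attr=*): no pres index exists, so scan all entries.
        return sorted(e for e, a in self.entries.items() if attr in a)

def demo(total=1528, written_before_index=446):
    # Constructed data; the 446/1082 split is an assumption for illustration.
    d = Directory()
    user = {"objectclass": ["posixAccount"]}
    for uid in range(written_before_index):
        d.add(uid, user)
    d.configure_eq_index("objectclass")
    for uid in range(written_before_index, total):
        d.add(uid, user)
    before = (len(d.search_eq("objectclass", "posixAccount")),
              len(d.search_present("objectclass")))
    d.reindex()
    return before + (len(d.search_eq("objectclass", "posixAccount")),)
```

demo() returns the equality-search count with the stale index, the presence-search count, and the equality-search count after the rebuild.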