2

I am using OpenLDAP on a CentOS server.

To test, I use JMeter with LDAP queries and my software using those entries.

I want to optimize a particular request: I heavily search an OU attribute, description. The search uses the l attribute to find it (search filter l=username). If my index (in slapd.conf) is:

index ou,description,l           eq,pres,sub

JMeter does not return the description field and my software does not allow me to log anymore.

If I remove this line from slapd.conf or if I use `index ou,description eq,pres,sub`, I have the same average response time.

How can I optimize my performance?
Why does indexing l remove the attribute I want from the answer and make my software unable to use my directory anymore?

splattne
Sylario

3 Answers

2

Every time you add or remove an index you have to run slapindex and remember to keep the right permissions for database files. For example, on Debian with OpenLDAP you have to:

/etc/init.d/slapd stop
slapindex
chown openldap:openldap /var/lib/ldap/*
/etc/init.d/slapd start
Hubert Kario
  • If I run slapindex I have the following error: 'bdb(dc=ldapserver,dc=com): Lock table is out of available locks => bdb_idl_insert_key: c_put id failed: Cannot allocate memory (12) => bdb_tool_entry_reindex: txn_aborted! Accessing a corrupted shared library (80)' I do not have any openldap user. – Sylario Oct 05 '10 at 16:30
  • Have you stopped slapd before running slapindex? As I mentioned, the openldap user is correct for Debian; it may be different on different distributions. Add those errors to the question, they don't look good to me, you may have damaged your database... – Hubert Kario Oct 05 '10 at 16:48
  • OK, I am recreating a blank directory and using a backup this time, thanks! – Sylario Oct 07 '10 at 13:50
0

I ended up doing this

sudo /etc/init.d/slapd stop

sudo -u insert-your-openldap-server-user-here slapindex -v

sudo /etc/init.d/slapd start

So on my Debian box the user is openldap, which makes the command look like

sudo -u openldap slapindex -v -d 1
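
As an added example (not part of the answers above): a check that the database files are still owned by the account slapd runs as once slapindex has finished, which is the permission issue the first answer warns about. The directory and user defaults follow the Debian example on this page; `check_db_ownership`, `owner_of`, `DB_DIR` and `LDAP_USER` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Reports database files that the slapd service account does not own,
# e.g. index files created by running slapindex as root.
# Assumptions: defaults match the Debian example above (/var/lib/ldap,
# user "openldap"); override DB_DIR / LDAP_USER for other distributions.

DB_DIR="${DB_DIR:-/var/lib/ldap}"
LDAP_USER="${LDAP_USER:-openldap}"

# Print the owner name of a file (GNU stat first, BSD stat as fallback).
owner_of() {
    stat -c %U "$1" 2>/dev/null || stat -f %Su "$1"
}

# Print every regular file directly under $1 whose owner is not $2.
# Returns 0 if all files match, 1 if any mismatch, 2 if $1 is not a directory.
check_db_ownership() {
    dir=$1
    want=$2
    bad=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue          # skip unmatched globs and subdirs
        have=$(owner_of "$f")
        if [ "$have" != "$want" ]; then
            echo "$f owned by $have, expected $want"
            bad=1
        fi
    done
    return "$bad"
}

# Run against the real directory only when asked to: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    check_db_ownership "$DB_DIR" "$LDAP_USER"
fi
```

Run it after slapindex and before starting slapd; any line it prints names a file that needs its ownership corrected.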

0

Though the original poster's answer is solved, here's a solution for OpenLDAP 2.4 users. OpenLDAP 2.4 does not use plain config files anymore, but everything has to be modified using ldapmodify.

First you need to identify your database in question.

[root@ldap-server ~]# cd /etc/openldap/slapd.d/cn=config
[root@ldap-server cn=config]# ls
cn=schema       olcDatabase={0}config.ldif     olcDatabase={1}monitor.ldif
cn=schema.ldif  olcDatabase={-1}frontend.ldif  olcDatabase={2}hdb.ldif

The database here is olcDatabase={2}hdb.ldif and checking for indexes with grep yields:

[root@ldap-server cn=config]# grep olcDbIndex olcDatabase\=\{2\}hdb.ldif
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub

If I need to add, for instance, the poster's index l, I'd prepare the following ldif-file:

[root@ldap-server ~]# cat ldap-hdb-tuning.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: ou,description,l eq,pres,sub

The final step would be running the file with ldapmodify.

[root@ldap-server ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -D cn=config -f ldap-hdb-tuning.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

If you then look into /var/lib/ldap you'll notice a new index file named l.bdb which should be growing if you add new records. Note that I haven't found out yet if the index creation is being done on the fly for existing records (I'm currently doing that right now) but I will adapt this answer when I know more.

Alexander Janssen