Ldap – When I modify the index in slapd.conf the same LDAP query does not return the data

indexingldap

I am using openLDAP on a CENTOS server.

To test I use JMETER with LDAP query and my software using thoses entry.

I want to optimize a particular request, I heavily search an OU attribute : description. The search use the l attribute to find it :search filter l=username.
If my index (in slapd.conf)is :

index ou,description,l           eq,pres,sub

Jmeter does not return the description field and my software does not allow me to log anymore.

If I remove this line from slapd.conf or if I use : `index ou,description eq,pres,sub i have the same average response time.

How can I optimize my perfs?
Why indexing l remove the attribute i want from the answer, and make my software unable to use my directory anymore?

Best Answer

Every time you add or remove an index you have to run slapindex and remember to keep the right permissions for database files. For example, on debian with OpenLDAP you have to:

/etc/init.d/slapd stop
slapindex
chown openldap:openldap /var/lib/ldap/*
/etc/init.d/slapd start

Related Solutions

OpenLDAP – Configure Reverse Group Membership Maintenance (memberOf)

I've been struggling with the same thing, the openldap documentation is minimalist and hardly helpful at all. When they went over to a config database (not a bad idea in principle) all the options changed so when people are giving example from /etc/ldap/slapd.conf it is useless with a modern slapd config (such as Ubuntu).

I finally got this working. Here's the summary... first LDIF file:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof

Second LDIF file:

dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

Add them into the config database using ldapadd (same as normal config stuff).

It does not automatically update the existing data in the database, so I needed to use slapcat to copy everything out into a temporary file, and visit each group, delete the group and add the same group back in again (forces the memberOf attributes to update correctly). If you are starting with an empty database, then it will correctly update the attributes as objects are added.

Also, note that "olcDatabase={1}hdb" is very typical, but not guaranteed to match your setup. Be sure to check that one.

Ldap – Configuring OpenLDAP as a Active Directory Proxy

You need to add mappings to your slapd.conf file:

moduleload rwm
...
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map objectClass posixGroup group 
rwm-map objectClass posixAccount person
rwm-map objectClass memberUid member

Then you can search for the uid attribute instead of the sAMAccountName attribute in your .htaccess file:

AuthLDAPURL "ldap://breauthsrv01.xxx.de:389/OU=xxx,DC=int,DC=xxx,DC=de?uid?sub"

Best Answer

Related Solutions

OpenLDAP – Configure Reverse Group Membership Maintenance (memberOf)

Ldap – Configuring OpenLDAP as a Active Directory Proxy

Related Topic