On 12/11/2014 01:09 PM, William B wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 11 Dec 2014 10:59:07 -0700
Rich Megginson <[email protected]> wrote:
On 12/10/2014 11:22 PM, William wrote:
Today we added an eq index to a Directory String attribute in our
ds. To our surprise, it stopped matching after a reindex.
The schema for the object does not define an equality type.
What is the default behaviour if no equality type is defined?
From http://tools.ietf.org/html/rfc4512
"
If no equality matching is specified for the attribute type:
- the attribute (of the type) cannot be used for naming;
- when adding the attribute (or replacing all values), no two
values may be equivalent (see 2.2);
- individual values of a multi-valued attribute are not to be
independently added or deleted;
- attribute value assertions (such as matching in search filters
and comparisons) using values of such a type cannot be
performed."
Which means, you are not supposed to use it in a search filter.
However, 389 provides a default equality matching rule, which is essentially a
memcmp(3). When you create an index, it attempts to use the equality matching
rule to create
the equality index. I guess the indexing code is getting confused. Do you
have a /var/lib/dirsrv/slapd-INST/db/userRoot/maildeliveryoption.db4 file? If
so, does it have
anything in it? dbscan -f
/var/lib/dirsrv/slapd-INST/db/userRoot/maildeliveryoption.db4
You can also force the indexing to use a particular matching rule - see
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Indexes-Creating_Indexes.html#Creating_Indexes-Creating_Indexes_from_the_Command_Line
you specify the matching rule to use for the index by using the nsMatchingRule
attribute.
However, I would advise you _not_ to use an attribute type without an
explicitly specified equality rule in a search filter.
Is there some other edge case we are potentially hitting?
389-ds-base version? rpm -q 389-ds-base
389-ds-base-1.2.11.15-47.el6.x86_64
The exact attribute schema in question is:
attributeTypes: ( 2.16.840.1.113730.3.1.16 NAME ( 'mailDeliveryOption' ) DESC
'Netscape Messaging Server 4.x defined attribute' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )
The object has data such that:
uid: foo
mailDeliveryOption: forward
Note there is no trailing character at the end of forward.
Without an equality index the search:
(&(mailDeliveryOption=forward)(uid=foo))
Returns the correct result.
When the equality index is added to mailDeliveryOption, the same search yields
no result.
- --
Sincerely,
William Brown
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJUifoJAAoJEO/EFteBqAmaYScQAKeKeZibKC8he3yj9USFCsPT
rqG0IJOj1D8vVI+SjxosuwEGzYC345fSP0gb0RRMB0HwEHCrFWfIAvu9qRbTb891
/ECa8vQ7jhlZjqGdkN3r9Xax40hMOsL/uFu8bCusfIYt2k+RChitsXiKDFIA6iW1
Yo0JitLZnbMQuTxo9rKnaHpJKcenUJo1axfd5o1Za0C54NQ5sMEYXV4HuKdAZtFy
HH2jdjjPlDx/VwcsT7fXQe9YSHinFx0PXdDT4Oz/CQ8ylT7K/TpOAfQNF9+WE6vP
LKERQ9kg/snEaIiwWAirvQP9+wijtSGNJJDUkbSeljZCfZcwTfBr1INzkWEeOAdJ
UaX01UYljSs9FsopDeH6Vtecnd0AcFBI1aze8vAlEeI//4CXn49F/Cy+y1nGI6ik
e2+qk1hsvzwwbfB9bCbgjhbZ624c3YAIAtrZcxDEQLv4ejq3GSzES55YQAVh9FFF
BEg88cfq7aBRdF83v1CYhTcOmEr85BdYwyzNdvfi1hX5NG84nm9LZxa4E+quKzew
znnu52zFuePgrAI8TdgGN+a6HxCGU/Iiyp8nif8tT02Wdx/IVLCa23kud1Iek9j0
l4HillV7aYZRW4osfy3mP3KoSEOjyWlJL9zMBOS66Jb+1Zud3R4hBrpvklDHAejf
cfSCzDBVQpIpORQaLZ8V
=jZVA
-----END PGP SIGNATURE-----
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
