URL: https://github.com/freeipa/freeipa/pull/5157 Author: tiran Title: #5157: Use single update LDIF for indices and add more indices Action: opened
PR body: """ ## Use single update LDIF for indices Index definitions were split across four files. indices.ldif contained the initial subset of indices. Three update files partly duplicated the indices and partly added new indices. All indices are now defined in a single update file that is sorted alphanumerically. The changeset avoids two additional index tasks and reduces installation time by 5 to 10 seconds. ## Add more indices ipaCASubjectDN is used by lightweight sub CA feature. ipaExternalMember is used by ipasam code to assemble MS-PAC records. ipaNTSecurityIdentifier was only index for "pres" and was missing an index on "eq". Samba performs queries with SID string. memberPrincipal is used by S4U2Proxy constrained delegation and by ipa-custodia. Also note that dnaHostname, ipServiceProtocol, ipaCertSubject, and ipaKeyUsage are currently not index because an index would rarely used or have a poor selectivity. Fixes: https://pagure.io/freeipa/issue/8493 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5157/head:pr5157 git checkout pr5157
From 54fda7783479b1700f5ab17fda950e7316687de4 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 21 Sep 2020 15:12:57 +0200 Subject: [PATCH 1/2] Use single update LDIF for indices Index definitions were split across four files. indices.ldif contained the initial subset of indices. Three update files partly duplicated the indices and partly added new indices. All indices are now defined in a single update file that is sorted alphanumerically. The changeset avoids two additional index tasks and reduces installation time by 5 to 10 seconds. Fixes: https://pagure.io/freeipa/issue/8493 Signed-off-by: Christian Heimes <chei...@redhat.com> --- install/share/Makefile.am | 1 - install/share/indices.ldif | 429 ------------ install/updates/20-idoverride_index.update | 22 - install/updates/20-indices.update | 772 ++++++++++++--------- install/updates/20-winsync_index.update | 12 - install/updates/Makefile.am | 2 - ipaserver/install/dsinstance.py | 2 +- 7 files changed, 449 insertions(+), 791 deletions(-) delete mode 100644 install/share/indices.ldif delete mode 100644 install/updates/20-idoverride_index.update delete mode 100644 install/updates/20-winsync_index.update diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 3b437f065a..1c1cd25db2 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -44,7 +44,6 @@ dist_app_DATA = \ dnssec.ldif \ domainlevel.ldif \ kerberos.ldif \ - indices.ldif \ bind.ipa-ext.conf.template \ bind.ipa-options-ext.conf.template \ bind.named.conf.template \ diff --git a/install/share/indices.ldif b/install/share/indices.ldif deleted file mode 100644 index 1e83c1046d..0000000000 --- a/install/share/indices.ldif +++ /dev/null @@ -1,429 +0,0 @@ -dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:krbPrincipalName -nsSystemIndex:false -nsIndexType:eq -nsIndexType:sub -nsIndexType:pres -nsMatchingRule:caseIgnoreIA5Match -nsMatchingRule:caseExactIA5Match - -dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:ou -nsSystemIndex:false -nsIndexType:eq -nsIndexType:sub - -dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:carLicense -nsSystemIndex:false -nsIndexType:eq -nsIndexType:sub - -dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:title -nsSystemIndex:false -nsIndexType:eq -nsIndexType:sub - -dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:manager -nsSystemIndex:false -nsIndexType:eq -nsIndexType:pres -nsIndexType:sub - -dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:secretary -nsSystemIndex:false -nsIndexType:eq -nsIndexType:pres -nsIndexType:sub - -dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:displayname -nsSystemIndex:false -nsIndexType:eq -nsIndexType:sub - -dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: modify -add: nsIndexType -nsIndexType:sub - -dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:uidnumber -nsSystemIndex:false -nsIndexType:eq -nsMatchingRule: integerOrderingMatch - -dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -objectClass:top -objectClass:nsIndex -cn:gidnumber -nsSystemIndex:false -nsIndexType:eq -nsMatchingRule: integerOrderingMatch - -dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: modify -replace: nsIndexType -nsIndexType: eq -nsIndexType: pres - -dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: modify -replace: nsIndexType -nsIndexType: eq -nsIndexType: pres - -dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -ObjectClass: top -ObjectClass: nsIndex -cn: fqdn -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -ObjectClass: top -ObjectClass: nsIndex -cn: macAddress -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres - -dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberHost -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberUser -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: sourcehost -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberservice -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: managedby -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberallowcmd -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberdenycmd -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipasudorunas -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipasudorunasgroup -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: automountkey -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres - -dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: automountMapName -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaConfigString -objectClass:top -objectClass:nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaEnabledFlag -objectClass:top -objectClass:nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaKrbAuthzData -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: sub - -dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipakrbprincipalalias -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipauniqueid -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaMemberCa -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaMemberCertProfile -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres -nsIndexType: sub - -dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: userCertificate -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres - -dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipalocation -ObjectClass: top -ObjectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres - -dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: krbCanonicalName -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: sub - -dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: serverhostname -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: sub - -dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: description -objectClass: top -objectClass: nsindex -nssystemindex: false -nsindextype: eq -nsindextype: sub - -dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: l -objectClass: top -objectClass: nsindex -nssystemindex: false -nsindextype: eq -nsindextype: sub - -dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: nsOsVersion -objectClass: top -objectClass: nsindex -nssystemindex: false -nsindextype: eq -nsindextype: sub - -dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: nsHardwarePlatform -objectClass: top -objectClass: nsindex -nssystemindex: false -nsindextype: eq -nsindextype: sub - -dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: nsHostLocation -objectClass: top -objectClass: nsindex -nssystemindex: false -nsindextype: eq -nsindextype: sub - -# NOTE: There is no index on ipServiceProtocol because the index would have -# poor selectivity. An ipService entry has either 'tcp' or 'udp' as protocol. -dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipServicePort -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: accessRuleType -objectClass:top -objectClass:nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: hostCategory -objectClass:top -objectClass:nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: idnsName -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: ipaCertmapData -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: altSecurityIdentities -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq - -dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -changetype: add -cn: memberManager -objectClass: top -objectClass: nsIndex -nsSystemIndex: false -nsIndexType: eq -nsIndexType: pres diff --git a/install/updates/20-idoverride_index.update b/install/updates/20-idoverride_index.update deleted file mode 100644 index 63d622f1f0..0000000000 --- a/install/updates/20-idoverride_index.update +++ /dev/null @@ -1,22 +0,0 @@ -# -# Make sure ID override attributes have the correct indexing -# - -dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaOriginalUid -default:ObjectClass: top -default:ObjectClass: nsIndex -default:nsSystemIndex: false -only: nsIndexType: eq -only: nsIndexType: pres - -dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaAnchorUUID -default:ObjectClass: top -default:ObjectClass: nsIndex -default:nsSystemIndex: false -only: nsIndexType: eq -only: nsIndexType: pres - -dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -remove:cn: ipaOriginalUid diff --git a/install/updates/20-indices.update b/install/updates/20-indices.update index 65ee183a80..0e911ded70 100644 --- a/install/updates/20-indices.update +++ b/install/updates/20-indices.update @@ -1,412 +1,536 @@ +# Indices # -# Some nss_ldap implementations will always ask for memberuid so we must -# have an index for it. +# DS 1.4.3 defines default indices for: # -# FreeIPA frequently searches for memberHost and memberUser to determine -# group membership. +# * aci: pres [SYSTEM] +# * cn: eq, pres, sub +# * entryusn: eq / integerOrderingMatch [SYSTEM] +# * givenName: eq, pres, sub +# * mail: eq, pres, sub +# * mailAlternateAddress: eq +# * mailHost: eq +# * member: eq +# * memberOf: eq +# * nsCertSubjectDN: eq [SYSTEM] +# * nsTombstoneCSN: eq [SYSTEM] +# * nsUniqueId: eq [SYSTEM] +# * ntUniqueId: eq [IPA: +pres] +# * ntUserDomainId: eq [IPA: +pres] +# * numsubordinates: pres [SYSTEM] +# * objectClass: eq [SYSTEM] +# * owner: eq [IPA: +sub] +# * parentId: eq / integerOrderingMatch [SYSTEM] +# * seealso: eq [IPA: +sub] +# * sn: eq, pres, sub +# * targetuniqueid: eq +# * telephoneNumber: eq, pres, sub +# * uid: eq [IPA: +pres] +# * uniqueMember: eq [IPA: +sub] # -dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberuid -default:ObjectClass: top -default:ObjectClass: nsIndex +# - cn uses "only" to avoid bugs like https://pagure.io/freeipa/issue/6975 +# - nsIndexType and nsMatchingRule use "add" to allow users to add +# additional index types and matching rules more easily. The "add" command +# adds additional attribute values that are required by IPA but does not +# remove user defined values. +# +# NOTE: There is no index on ipServiceProtocol because the index would have +# poor selectivity. An ipService entry has either 'tcp' or 'udp' as protocol. +# +# Please keep entries in alphanumeric order. +# + +dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: accessRuleType +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres +add:nsIndexType: eq -dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberHost -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: altSecurityIdentities +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberUser -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: automountkey +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: automountMapName +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq -dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: sub +dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: carLicense +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: sub +dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config +only:cn: description +default:objectClass: nsindex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: displayname +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: fqdn +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=seealso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only:nsIndexType: eq -only:nsIndexType: sub +dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: gidnumber +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsMatchingRule: integerOrderingMatch -dn: cn=memberof,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberof -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: hostCategory +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -default:nsIndexType: eq +add:nsIndexType: eq -dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: fqdn -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: idnsName +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: macAddress -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaallowedtarget +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -default:nsIndexType: eq -default:nsIndexType: pres +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: sourcehost -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaAnchorUUID +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberservice -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaassignedidview +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: managedby -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaCertmapData +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberallowcmd -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaConfigString +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: memberdenycmd -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaEnabledFlag +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipasudorunas -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaKrbAuthzData +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipasudorunasgroup -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipakrbprincipalalias +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: automountkey -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipalocation +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -default:nsIndexType: eq +add:nsIndexType: eq add:nsIndexType: pres -dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: automountMapName -default: ObjectClass: top -default: ObjectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaMemberCa +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaConfigString -default: objectClass:top -default: objectClass:nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaMemberCertProfile +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaEnabledFlag -default: objectClass:top -default: objectClass:nsIndex +dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only: cn: ipaNTSecurityIdentifier +default: objectClass: top +default: objectClass: nsIndex default: nsSystemIndex: false -default: nsIndexType: eq +add: nsIndexType: pres -dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaKrbAuthzData +dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only: cn: ipaNTTrustPartner default: objectClass: top default: objectClass: nsIndex default: nsSystemIndex: false -default: nsIndexType: eq -default: nsIndexType: sub +add: nsIndexType: pres -dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipakrbprincipalalias -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaOriginalUid +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -default:nsIndexType: eq +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipauniqueid -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipasudorunas +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -default:nsIndexType: eq +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub + +dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipasudorunasgroup +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipatokenradiusconfiglink -default:ObjectClass: top -default:ObjectClass: nsIndex +only:cn: ipatokenradiusconfiglink +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaassignedidview -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipauniqueid +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaallowedtarget -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipServicePort +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaMemberCa -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: krbCanonicalName +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipaMemberCertProfile -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: krbPasswordExpiration +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres -only:nsIndexType: sub +add:nsIndexType: eq -dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: userCertificate -default:ObjectClass: top -default:ObjectClass: nsIndex -only:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres +dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: krbPrincipalName +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub +add:nsMatchingRule: caseIgnoreIA5Match +add:nsMatchingRule: caseExactIA5Match -dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ntUniqueId -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config +only:cn: l +default:objectClass: nsindex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ntUserDomainId -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: macAddress +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: ipalocation -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: managedby +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only:nsIndexType: eq -only:nsIndexType: pres +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default:cn: krbPrincipalName -default:ObjectClass: top -default:ObjectClass: nsIndex +dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: manager +default:objectClass: nsIndex +default:objectClass: top default:nsSystemIndex: false -only: nsMatchingRule: caseIgnoreIA5Match -only: nsMatchingRule: caseExactIA5Match -only:nsIndexType: eq -only:nsIndexType: sub -only:nsIndexType: pres +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: krbCanonicalName -default: objectClass: top -default: objectClass: nsIndex -only: nsSystemIndex: false -only: nsIndexType: eq -only: nsIndexType: sub +dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: member +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: serverhostname -default: objectClass: top -default: objectClass: nsIndex -only: nsSystemIndex: false -only: nsIndexType: eq -only: nsIndexType: sub +dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberallowcmd +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub +add:nsMatchingRule: caseIgnoreIA5Match +add:nsMatchingRule: caseExactIA5Match -dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -default: cn: description -default: objectclass: top -default: objectclass: nsindex -default: nssystemindex: false -default: nsindextype: eq -default: nsindextype: sub +dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberdenycmd +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -default: cn: l -default: objectclass: top -default: objectclass: nsindex -default: nssystemindex: false -default: nsindextype: eq -default: nsindextype: sub +dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberHost +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -default: cn: nsOsVersion -default: objectclass: top -default: objectclass: nsindex -default: nssystemindex: false -default: nsindextype: eq -default: nsindextype: sub +dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberManager +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres + +dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberservice +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub + +dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberuid +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres + +dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberUser +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -default: cn: nsHardwarePlatform -default: objectclass: top -default: objectclass: nsindex -default: nssystemindex: false -default: nsindextype: eq -default: nsindextype: sub +only:cn: nsHardwarePlatform +default:objectClass: nsindex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config -default: cn: nsHostLocation -default: objectclass: top -default: objectclass: nsindex -default: nssystemindex: false -default: nsindextype: eq -default: nsindextype: sub +only:cn: nsHostLocation +default:objectClass: nsindex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipServicePort -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config +only:cn: nsOsVersion +default:objectClass: nsindex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: accessRuleType -default: objectClass:top -default: objectClass:nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ntUniqueId +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: hostCategory -default: objectClass:top -default: objectClass:nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ntUserDomainId +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres -dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: idnsName -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ou +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaCertmapData -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: owner +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: altSecurityIdentities -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: secretary +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: memberManager -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq -default: nsIndexType: pres +dn: cn=seealso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: seealso +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: krbPasswordExpiration -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: eq +dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: serverhostname +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub -dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaNTTrustPartner -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: pres +dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: sourcehost +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres +add:nsIndexType: sub -dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -default: cn: ipaNTSecurityIdentifier -default: objectClass: top -default: objectClass: nsIndex -default: nsSystemIndex: false -default: nsIndexType: pres +dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: title +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub + +dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: uid +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub + +dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: uidnumber +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsMatchingRule: integerOrderingMatch + +dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: uniquemember +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: sub + +dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: userCertificate +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq +add:nsIndexType: pres diff --git a/install/updates/20-winsync_index.update b/install/updates/20-winsync_index.update deleted file mode 100644 index 45c8ae4b60..0000000000 --- a/install/updates/20-winsync_index.update +++ /dev/null @@ -1,12 +0,0 @@ -# -# Make sure winsync attributes have the correct indexing -# - -dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only: nsIndexType: eq -only: nsIndexType: pres - -dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config -only: nsIndexType: eq -only: nsIndexType: pres - diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 957ad4fa24..72173746f1 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -22,8 +22,6 @@ app_DATA = \ 20-sslciphers.update \ 20-syncrepl.update \ 20-user_private_groups.update \ - 20-winsync_index.update \ - 20-idoverride_index.update \ 20-uuid.update \ 20-default_password_policy.update \ 20-whoami.update \ diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index a7c8864038..915a7473f5 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -1023,7 +1023,7 @@ def __add_principal(last_cn, principal, self): __add_principal('ipa-ldap-delegation-targets', 'ldap', self) def __create_indices(self): - self._ldap_mod("indices.ldif") + self._ldap_update(["20-indices.update"]) def __certmap_conf(self): write_certmap_conf(self.realm, self.ca_subject) From 672d4cd9b2501acd92f7471ab00d14a72fe8b0de Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 28 Sep 2020 13:20:45 +0200 Subject: [PATCH 2/2] Add more indices ipaCASubjectDN is used by lightweight sub CA feature. ipaExternalMember is used by ipasam code to assemble MS-PAC records. ipaNTSecurityIdentifier was only index for "pres" and was missing an index on "eq". Samba performs queries with SID string. memberPrincipal is used by S4U2Proxy constrained delegation and by ipa-custodia. Also note that dnaHostname, ipServiceProtocol, ipaCertSubject, and ipaKeyUsage are currently not index because an index would rarely used or have a poor selectivity. Signed-off-by: Christian Heimes <chei...@redhat.com> --- install/updates/20-indices.update | 43 ++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/install/updates/20-indices.update b/install/updates/20-indices.update index 0e911ded70..ecf7d62db7 100644 --- a/install/updates/20-indices.update +++ b/install/updates/20-indices.update @@ -27,15 +27,30 @@ # * uid: eq [IPA: +pres] # * uniqueMember: eq [IPA: +sub] # +# +# Unindex attributes +# ------------------ +# +# Some attributes are currently not indexed because an index would not be +# rarely used or have a poor selectivity. +# +# - dnaHostname: only used by update_dna_shared_config, server_del, and +# ipa-replica-install +# - ipServiceProtocol: not used by SSSD at the moment and has a poor +# selectivity ('tcp' or 'udp') +# - ipaCertSubject: only queried in update_fix_duplicate_cacrt_in_ldap +# - ipaKeyUsage: rarely used by ipa-custodia and poor selectivity +# ('digitalSignature' or 'dataEncipherment') +# +# Update rules +# ------------ +# # - cn uses "only" to avoid bugs like https://pagure.io/freeipa/issue/6975 # - nsIndexType and nsMatchingRule use "add" to allow users to add # additional index types and matching rules more easily. The "add" command # adds additional attribute values that are required by IPA but does not # remove user defined values. # -# NOTE: There is no index on ipServiceProtocol because the index would have -# poor selectivity. An ipService entry has either 'tcp' or 'udp' as protocol. -# # Please keep entries in alphanumeric order. # @@ -149,6 +164,13 @@ add:nsIndexType: eq add:nsIndexType: pres add:nsIndexType: sub +dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaCASubjectDN +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq + dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config only:cn: ipaCertmapData default:objectClass: nsIndex @@ -170,6 +192,13 @@ default:objectClass: top default:nsSystemIndex: false add:nsIndexType: eq +dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: ipaExternalMember +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq + dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config only:cn: ipaKrbAuthzData default:objectClass: nsIndex @@ -216,6 +245,7 @@ only: cn: ipaNTSecurityIdentifier default: objectClass: top default: objectClass: nsIndex default: nsSystemIndex: false +add: nsIndexType: eq add: nsIndexType: pres dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config @@ -379,6 +409,13 @@ default:nsSystemIndex: false add:nsIndexType: eq add:nsIndexType: pres +dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +only:cn: memberPrincipal +default:objectClass: nsIndex +default:objectClass: top +default:nsSystemIndex: false +add:nsIndexType: eq + dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config only:cn: memberservice default:objectClass: nsIndex
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org