Thank you, Mark!
Actually, since the typo, I read the manual page and googled db2index.pl
command. It is suggested to stop the dirsrv process before running the
command. If there were no typo, I would run it without stopping. Thank you!
Kathy.
On Mon, Mar 28, 2022 at 1:03 PM Mark Reynolds <marey...@redhat.com> wrote:
> Ugh, sorry had a typo, each attribute is specified with "-t". So replace
> the "-a" with a "-t":
>
> db2index.pl -D "cn=directory manager" -w Nur09089 -n userroot -t
> changenumber:eq -t targetuniqueid:eq
>
> Mark
> On 3/28/22 3:44 PM, Kathy Zhu wrote:
>
> Hi Mark,
>
> Thank you! After modifying the DB, when tried to index, I ran into:
>
> [root@ipa2 ~]# db2index.pl -D "cn=directory manager" -w Nur09089 -n
> userroot -t changenumber:eq -a targetuniqueid:eq
>
> ERROR - Unknown option: -a
>
> Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j
> filename } [-P protocol]
>
> -n backendname [-t
> attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-h]
>
> Options:
>
> -D rootdn - Directory Manager
>
> -w password - Directory Manager's password
>
> -w - - Prompt for Directory Manager's password
>
> -j filename - Read Directory Manager's password from file
>
> -Z serverID - Server instance identifer
>
> -n backendname - Backend database name. Example: userRoot
>
> -t attributeName[:indextypes[:matchingrules]]
>
> - attributeName: name of the attribute to be
> indexed
>
> If omitted, all the indexes defined for that
> instance are generated.
>
> - indextypes: comma separated index types
>
> - matchingrules: comma separated matrules
>
> Example: -t foo:eq,pres
>
> -T vlvTag - VLV index name
>
> -P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses
> most secure protocol available)
>
> -h - Display usage
>
> [root@ipa2 ~]#
>
> I am not familar with 389 DB, worry about making mistake here. Will you
> please help with the syntax? Thanks.
>
> Kathy.
>
> On Mon, Mar 28, 2022 at 11:44 AM Mark Reynolds <marey...@redhat.com>
> wrote:
>
>> Kathy,
>>
>> You need to make sure there are equality indexes for the following
>> attributes:
>>
>> - changenumber
>> - targetuniqueid
>>
>> Run these commands on all your servers:
>> # ldapmodify -D "cn=directory manager" -W
>> dn: cn=changenumber,cn=index,cn=userroot,cn=ldbm
>> database,cn=plugins,cn=config
>> changetype: add
>> objectClass: top
>> objectClass: nsIndex
>> cn: changenumber
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>>
>> # ldapmodify -D "cn=directory manager" -W
>> dn: cn=targetuniqueid,cn=index,cn=userroot,cn=ldbm
>> database,cn=plugins,cn=config
>> changetype: add
>> objectClass: top
>> objectClass: nsIndex
>> cn: targetuniqueid
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>> You might already have one of these indexes already present, so if you
>> get an error 68 (already exists) it's ok. I think changenumber is already
>> present, but targetuniqueid is the one that is missing.
>>
>> Then you need to index these attributes:
>>
>> # db2index.pl -D "cn=directory manager" -w - -n userroot -t
>> changenumber:eq -a targetuniqueid:eq
>>
>> That should do it.
>>
>> HTH,
>>
>> Mark
>>
>> On 3/28/22 1:50 PM, Kathy Zhu via FreeIPA-users wrote:
>>
>> Happy Monday, List!
>>
>> On my IPA server, top shows dirsrv using lots of resources, when
>> checking, I found this:
>>
>> [root@ipa2 ~]# systemctl status dirsrv@EXAMPLE-COM.service -l
>> ...
>>
>> Mar 28 09:29:56 ipa2.example.com ns-slapd[1945]:
>> [28/Mar/2022:09:29:56.142846906 -0700] - NOTICE - ldbm_back_search -
>> Internal unindexed search: source (cn=server,cn=plugins,cn=config) search
>> base="cn=changelog" scope=2
>> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
>> conn=0 op=0
>>
>> Mar 28 09:31:14 ipa2.example.com ns-slapd[1945]:
>> [28/Mar/2022:09:31:14.176933263 -0700] - ERR - log_result - Internal
>> unindexed search: source (cn=server,cn=plugins,cn=config) search
>> base="cn=changelog"
>> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
>> etime=78.977553767 nentries=459824 notes=A
>>
>> Mar 28 09:31:23 ipa2.example.com ns-slapd[1945]:
>> [28/Mar/2022:09:31:23.311185621 -0700] - NOTICE - ldbm_back_search -
>> Internal unindexed search: source (cn=server,cn=plugins,cn=config) search
>> base="cn=changelog" scope=2
>> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
>> conn=0 op=0
>>
>> ...
>>
>> Googled and found this bug -
>> https://bugzilla.redhat.com/show_bug.cgi?id=1951020
>>
>>
>> However, the bug is for Red Hat 8.3 while we are in Centos 7.9:
>>
>>
>> CentOS Linux release 7.9.2009 (Core)
>>
>> ipa-*server*.x86_64 4.6.8-5.el7.centos.7
>>
>> *slapi-nis*.x86_64 0.56.5-3.el7_9
>>
>> *389*-ds-base.x86_64 1.3.10.2-12.el7_9
>>
>> *389*-ds-base-libs.x86_64 1.3.10.2-12.el7_9
>>
>>
>> Any idea of what's going on and how to fix it?
>>
>>
>> Thanks!
>>
>>
>> Kathy.
>>
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
>> --
>> Directory Server Development Team
>>
>> --
> Directory Server Development Team
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
