Hi listers Installation here: openldap-servers-2.4.15-7.fc11.i586
One master server, two backup servers (syncrepl). All authentication and mailing is managed by ldap. 1. About indexing: When i check the slapd-log, i see many <= bdb_equality_candidates: (uidNumber) not indexed <= bdb_equality_candidates: (gidNumber) not indexed In the discussion about slapd tuning http://www.openldap.org/doc/admin24/tuning.html#Indexes, however, i read that if each entry in a certain set of ldap-entries has got the candidate-attribute, it is not worth while to index the attribute, because slapd needs to read each entry in any case in order to find the requested one. this is the case for uidNumber as well as gidNumber, because both are compulsory attributes for objectClass posixAccount. My first question: is it therefore correct to disregard the above indexing requests of slapd? 2. About slapindex: When it comes to use slapindex, the docu is not clear about how to do that. Some places say, that you need to stop slapd entirely, some places say that it is sufficient to put slapd in read-only mode for the corresponding background database, which in this case would be /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb.ldif this file contains both the olcReadOnly and the olcDbIndex attributes. So i could just add the following two lines in the above file: olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq set the olcReadOnly attribute to TRUE, and restart slapd, and everything would be done automatically? Or would i need to invoke slapindex additionally with the following command slapindex -c And if i had to start slapindex additionally, would slapindex tell me, that the database is in read-only mode, so no changes are possible, not even index changes? And, if i had to start slapindex additionally, i would do it as root. the files generated by slapindex would they be owned by root (inaccessible by slapd) or by the slapd user? Would the new indexes be propagated to the backup servers by syncrepl automatically? If not, what would i have to change on the backup servers? Thank you for your attention suomi
