Search to two consumers returning different results

Hi,

I have two DS 5.2 consumers:

Consumer 1 - DS5.2 patch 2 running on AIX 5.1

Consumer 2 - DS5.2 patch 4 running on Solaris 10

Both have been built using the same procedures, and have the same schema/config etc. applied.

Both are being replicated to from a 5.2 patch 2 master server (running on AIX 5.1) and contain the same data.

The problem I have is that I am getting different responses for the same search to each consumer.

The search is this:

ldapsearch -h <host> -p <port> -D <bind DN> -w <password> -b "ou=offices,o=company" "(cn=*hard*)" dn

Searching consumer 1 it returns the 3 matching dn's I need.

Searching consumer 2 gives this:

ldap_search: DSA is unwilling to perform

ldap_search: additional info: Search is not indexed

I have confirmed that the indexing is identical between the two consumers and I have tried re-indexing consumer 2 via the console.

Interestingly if I try the same search with a slightly different filter:

ldapsearch -h <host> -p <port> -D <bind DN> -w <password> -b "ou=offices,o=company" "(cn=*shef*)" dn

It returns 10 matching dn's from both consumers!

Has anyone seen this behaviour before and can tell me what is happening? It's got me completely stumped.

Thanks,

Mark.

[1495 byte] By [oztricha] at [2007-11-27 2:01:57]
# 1

Hello,

To me it looks like "non-indexed" searches are blocked on "consumer 2". Can you please verify this (nsslapd-require-index: on)?

-- DS reference doc -

nsslapd-require-index

When switched to on, this attribute allows you to refuse non-indexed or allids searches. This performance related attribute avoids saturating the server with erroneous searches.

Property       Value
Entry DN       cn=suffixName,cn=ldbm database,cn=plugins,cn=config
Valid Range    on | off
Default Value  off
Syntax         DirectoryString
Example        nsslapd-readonly: off

Property       Value
Entry DN       cn=suffixName,cn=ldbm database,cn=plugins,cn=config
Valid Range    on | off
Default Value  off
Syntax         DirectoryString
Example        nsslapd-require-index: off

-

Regards

Randip Malakar

Randip_Malakara at 2007-7-12 1:42:42
# 2

Hi Randip,

Yes, we have nsslapd-require-index set to 'on', but this is the same on both consumers. I have also verified that the indexing for the cn attribute is consistent across both consumers.

As the cn attribute is indexed, I don't understand why one substring search of cn will work and return the correct entries, but a slightly different search of cn will be rejected as unindexed. Particularly as both searches will work fine on consumer 1.

Thanks,

Mark.

oztricha at 2007-7-12 1:42:42
# 3
Can you try re-indexing and see if that helps? Also, after the re-indexing, try dbscan on the cn.db3 file from both servers and see if there is any big difference?
LostLada at 2007-7-12 1:42:42
# 4

I've managed to track down the problem.

It looks like, during the build of consumer 2, the allidsthreshold was misconfigured. Although this was picked up and corrected later, it was after the data import had taken place. For some reason, I couldn't fix this with a straight re-indexing, but a full re-import of data seems to have cured it.

Thanks,

Mark.

oztricha at 2007-7-12 1:42:42
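
An added illustration, not part of the thread and not Directory Server code: a simplified Python model of how a substring index with an all-IDs threshold, combined with nsslapd-require-index set to on, can reject (cn=*hard*) as unindexed while still answering (cn=*shef*). The three-character keys, the sample entries and both threshold values are assumptions constructed for the example.

```python
ALLIDS = "ALLIDS"  # stored in place of an ID list that outgrew the threshold

# Constructed sample data: entry ID -> cn
ENTRIES = {1: "Sheffield Central", 2: "Sheffield North", 3: "Hardwick",
           4: "Hardcastle Road", 5: "Orchard Street", 6: "Richardson House",
           7: "Harding Way", 8: "Leeds"}

def trigrams(text):
    """Three-character keys of a value, or of the literal in a (cn=*literal*) filter."""
    t = text.lower()
    return {t[i:i + 3] for i in range(len(t) - 2)}

def build_index(entries, allids_threshold):
    """Map key -> set of entry IDs; a list that passes the threshold becomes ALLIDS."""
    index = {}
    for entry_id, cn in entries.items():
        for key in trigrams(cn):
            ids = index.setdefault(key, set())
            if ids is ALLIDS:
                continue  # once a key is ALLIDS it stays that way in this index
            ids.add(entry_id)
            if len(ids) > allids_threshold:
                index[key] = ALLIDS
    return index

def substring_search(index, entries, literal, require_index=True):
    """Intersect the ID lists of the filter's keys, then check the candidates."""
    candidates = ALLIDS
    for key in trigrams(literal):
        ids = index.get(key, set())
        if ids is ALLIDS:
            continue  # this key cannot narrow the candidates
        candidates = set(ids) if candidates is ALLIDS else candidates & ids
    if candidates is ALLIDS:  # no key narrowed anything: the search is unindexed
        if require_index:
            raise PermissionError("Search is not indexed")
        candidates = set(entries)
    return sorted(i for i in candidates if literal.lower() in entries[i].lower())

if __name__ == "__main__":
    low = build_index(ENTRIES, 3)                  # threshold too low at import time
    print(substring_search(low, ENTRIES, "shef"))  # still answered from the index
    try:
        substring_search(low, ENTRIES, "hard")     # every key of the filter is ALLIDS
    except PermissionError as exc:
        print("rejected:", exc)
    rebuilt = build_index(ENTRIES, 4000)           # index rebuilt from the data
    print(substring_search(rebuilt, ENTRIES, "hard"))
```

In the model, an index built under the low threshold keeps its ALLIDS keys no matter what the threshold is changed to afterwards; only building the index again from the data clears them.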