Hi Mark,
Thank you! After modifying the DB, when tried to index, I ran into:
[root@ipa2 ~]# db2index.pl -D "cn=directory manager" -w Nur09089 -n
userroot -t changenumber:eq -a targetuniqueid:eq
ERROR - Unknown option: -a
Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j
filename } [-P protocol]
-n backendname [-t
attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-h]
Options:
-D rootdn - Directory Manager
-w password - Directory Manager's password
-w - - Prompt for Directory Manager's password
-j filename - Read Directory Manager's password from file
-Z serverID - Server instance identifer
-n backendname - Backend database name. Example: userRoot
-t attributeName[:indextypes[:matchingrules]]
- attributeName: name of the attribute to be indexed
If omitted, all the indexes defined for that
instance are generated.
- indextypes: comma separated index types
- matchingrules: comma separated matrules
Example: -t foo:eq,pres
-T vlvTag - VLV index name
-P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most
secure protocol available)
-h - Display usage
[root@ipa2 ~]#
I am not familar with 389 DB, worry about making mistake here. Will you
please help with the syntax? Thanks.
Kathy.
On Mon, Mar 28, 2022 at 11:44 AM Mark Reynolds <[email protected]> wrote:
> Kathy,
>
> You need to make sure there are equality indexes for the following
> attributes:
>
> - changenumber
> - targetuniqueid
>
> Run these commands on all your servers:
> # ldapmodify -D "cn=directory manager" -W
> dn: cn=changenumber,cn=index,cn=userroot,cn=ldbm
> database,cn=plugins,cn=config
> changetype: add
> objectClass: top
> objectClass: nsIndex
> cn: changenumber
> nsSystemIndex: false
> nsIndexType: eq
>
>
> # ldapmodify -D "cn=directory manager" -W
> dn: cn=targetuniqueid,cn=index,cn=userroot,cn=ldbm
> database,cn=plugins,cn=config
> changetype: add
> objectClass: top
> objectClass: nsIndex
> cn: targetuniqueid
> nsSystemIndex: false
> nsIndexType: eq
>
> You might already have one of these indexes already present, so if you get
> an error 68 (already exists) it's ok. I think changenumber is already
> present, but targetuniqueid is the one that is missing.
>
> Then you need to index these attributes:
>
> # db2index.pl -D "cn=directory manager" -w - -n userroot -t
> changenumber:eq -a targetuniqueid:eq
>
> That should do it.
>
> HTH,
>
> Mark
>
> On 3/28/22 1:50 PM, Kathy Zhu via FreeIPA-users wrote:
>
> Happy Monday, List!
>
> On my IPA server, top shows dirsrv using lots of resources, when checking, I
> found this:
>
> [root@ipa2 ~]# systemctl status [email protected] -l
> ...
>
> Mar 28 09:29:56 ipa2.example.com ns-slapd[1945]:
> [28/Mar/2022:09:29:56.142846906 -0700] - NOTICE - ldbm_back_search -
> Internal unindexed search: source (cn=server,cn=plugins,cn=config) search
> base="cn=changelog" scope=2
> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
> conn=0 op=0
>
> Mar 28 09:31:14 ipa2.example.com ns-slapd[1945]:
> [28/Mar/2022:09:31:14.176933263 -0700] - ERR - log_result - Internal
> unindexed search: source (cn=server,cn=plugins,cn=config) search
> base="cn=changelog"
> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
> etime=78.977553767 nentries=459824 notes=A
>
> Mar 28 09:31:23 ipa2.example.com ns-slapd[1945]:
> [28/Mar/2022:09:31:23.311185621 -0700] - NOTICE - ldbm_back_search -
> Internal unindexed search: source (cn=server,cn=plugins,cn=config) search
> base="cn=changelog" scope=2
> filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
> conn=0 op=0
>
> ...
>
> Googled and found this bug -
> https://bugzilla.redhat.com/show_bug.cgi?id=1951020
>
>
> However, the bug is for Red Hat 8.3 while we are in Centos 7.9:
>
>
> CentOS Linux release 7.9.2009 (Core)
>
> ipa-*server*.x86_64 4.6.8-5.el7.centos.7
>
> *slapi-nis*.x86_64 0.56.5-3.el7_9
>
> *389*-ds-base.x86_64 1.3.10.2-12.el7_9
>
> *389*-ds-base-libs.x86_64 1.3.10.2-12.el7_9
>
>
> Any idea of what's going on and how to fix it?
>
>
> Thanks!
>
>
> Kathy.
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
> --
> Directory Server Development Team
>
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
