July 28, 2004

LDAP unhappiness

Spent this afternoon and evening chasing down a strange problem in LDAP.

At about 4:00 this afternoon, ASHTI went into a tailspin, with a load average of about 24. After some poking, I determined it was Samba at fault, and that it was having horrendous performance on searches for rid attribute matches. My first thought, that it was a lack of index on that attribute, was correct, but it wasn’t immediately obvious.

I did increase the All IDs number, but that, of course, didn’t do anything. I found out how to export and import the database, though.

I finally figured out how to rebuild the indices from the command line, and noticed that rid and uidnumber weren’t among them. I added those indices via ldapadd and rebuilt.

Adding an index:

ldapadd:

dn: cn=rid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsIndex
cn: rid
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq

and then to regenerate:

db2index.pl -D 'CN=Manager' -w password -n userRoot

Regeneration takes a long time, and may require a restart of the LDAP server at the end (and be careful of crashes in the middle).
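
An added example, not part of the original post: a Python check that reads an LDIF export of the index entries and reports which attributes lack an equality index, so a missing rid or uidnumber index shows up before a long rebuild. The sample LDIF is constructed, and the function names and the assumption that the export contains the cn=index entries in the layout shown above are this example's own.

```python
import re

# Constructed sample: index entries in the layout the post shows.
SAMPLE_LDIF = """\
dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: nsIndex
cn: uid
nsIndexType: pres
nsIndexType: eq

# rid is present but has no equality index; its DN is folded onto two lines
dn: cn=rid,cn=index,cn=userRoot,cn=ldbm database,
 cn=plugins,cn=config
objectClass: nsIndex
cn: rid
nsIndexType: pres
"""

def parse_ldif(text):  # yields {lowercased attribute: [values]}; no base64 support
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # LDIF folding: join continuation lines
        else:
            lines.append(raw)
    entry = {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        elif entry:                       # blank line ends the current entry
            yield entry
            entry = {}

def indexed_types(text, backend="userRoot"):
    """Map attribute name -> set of nsIndexType values under the backend's cn=index."""
    suffix = f",cn=index,cn={backend},cn=ldbm database,cn=plugins,cn=config".lower()
    found = {}
    for e in parse_ldif(text):
        dn = re.sub(r"\s*,\s*", ",", e.get("dn", [""])[0].lower())
        if dn.endswith(suffix) and "nsindex" in map(str.lower, e.get("objectclass", [])):
            for cn in e.get("cn", []):
                found.setdefault(cn.lower(), set()).update(t.lower() for t in e.get("nsindextype", []))
    return found

def missing_eq(text, attrs, backend="userRoot"):
    """Return the attributes from attrs that have no equality index."""
    have = indexed_types(text, backend)
    return [a for a in attrs if "eq" not in have.get(a.lower(), set())]
```

An attribute that has only a pres index, like rid in the sample, is still reported, because equality matches need the eq index type.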

It occurs to me to wonder whether this information might have any bearing on the MacOS X login issue…

Posted by Rowan Littell at July 28, 2004 07:58 PM