This content has been marked as final. Show 8 replies
If you have the uid attribute indexed and you are still receiving errors about unindexed searches on that attribute, it may be due to the number of entries returned. Even if you index an attribute, but the number of returned entries is higher than the nsslapd-allidsthreshold value in the dse.ldif file, it will show it is unindexed.
Thanks for the quick responses.
I checked the value of nsslapd-allidsthreshold
(which appears in files
They are both 4000
Now we have more about 4600 uids
in the user/group ou
So do you think that's where the problem
I am entirely new to LDAP (someone configured
it for me long time ago). Be grateful if someone
could give the detailed steps of making it larger and other commands to reindex (which is a
bit scary for the production server)
But I could try it on a testing server first.
Here are the extracts of the access and error logs when the "Add" button (after a uid was entered into the box) was clicked.
Invalid user error line appeared on screen
WARNING<20805> - Backend Database - search is not indexed base='o=bunet' filter='(&(&(mailUserStatus=active)(objectClass=inetmailuser)(mailHost=jsms.our.domain)(uid=cmtsang))(!(mgmanHidden=true)))' scope='sub'
SRCH base="o=bunet" scope=2
(mailHost=netnet.our.top.domain)(uid=cmtsang))(!(mgmanHidden=true)))" attrs="cn mail sn telephoneNumber department"
RESULT err=0 tag=101 nentries=1 etime=7 notes=U
Ok, so the docs on indexing DSEE 6.x are here:
You will want a sandbox to test out listing and creating indexes. Note you will need to configure the index/es and use dsconf reindex to create the database/s.
One curious thing about the access log snippet is the result was 0. If you were still getting the Admin Limit Exceeded error, you should see err=11. So did you still see that error? Are there any other searches that got err=11 in your access log?