This content has been marked as final. Show 8 replies
A directory log snipplet would definitely help to figure out how the search request is constructed by JMS.
If you have the uid attribute indexed and you are still receiving errors about unindexed searches on that attribute, it may be due to the number of entries returned. Even if you index an attribute, but the number of returned entries is higher than the nsslapd-allidsthreshold value in the dse.ldif file, it will show it is unindexed.
Thanks for the quick responses.
I checked the value of nsslapd-allidsthreshold
(which appears in files
They are both 4000
Now we have more about 4600 uids
in the user/group ou
So do you think that's where the problem
I am entirely new to LDAP (someone configured
it for me long time ago). Be grateful if someone
could give the detailed steps of making it larger and other commands to reindex (which is a
bit scary for the production server)
But I could try it on a testing server first.
We really need the access log snippet here. Without it, we are going on guesswork and theory, which is just nuts if you are talking about a production issue, especially given that with the access log snippet this is a routine problem to troubleshoot.
Here are the extracts of the access and error logs when the "Add" button (after a uid was entered into the box) was clicked.
Invalid user error line appeared on screen
WARNING<20805> - Backend Database - search is not indexed base='o=bunet' filter='(&(&(mailUserStatus=active)(objectClass=inetmailuser)(mailHost=jsms.our.domain)(uid=cmtsang))(!(mgmanHidden=true)))' scope='sub'
SRCH base="o=bunet" scope=2
(mailHost=netnet.our.top.domain)(uid=cmtsang))(!(mgmanHidden=true)))" attrs="cn mail sn telephoneNumber department"
RESULT err=0 tag=101 nentries=1 etime=7 notes=U
Looks like you just need to add an equality index on uid and create the index database. What version of DS are you running?
Thanks. Hope not too much extra work
are needed to mend it.
We are running DS Enterprise Edition 6.0
Ok, so the docs on indexing DSEE 6.x are here:
You will want a sandbox to test out listing and creating indexes. Note you will need to configure the index/es and use dsconf reindex to create the database/s.
One curious thing about the access log snippet is the result was 0. If you were still getting the Admin Limit Exceeded error, you should see err=11. So did you still see that error? Are there any other searches that got err=11 in your access log?