Create a vlvsearch object with the following properties:
vlvbase: YourBaseContext vlvfilter: (&(objectclass=top)(objectclass=person) (objectclass=organizationalPerson) (objectclass=inetorgperson)) vlvscope: 2
The vlvbase attribute must match the value specified in the Base Context resource attribute. The vlvfilter attribute must contain the classes specified in the Object Classes resource attribute in the format shown. The vlvscope value of 2 indicates subtree searches.
Create a vlvindex component as a subobject of vlvsearch. The vlvsort attribute must be set to uid.
Build the VLV index using the vlvindex command or other mechanism.
Set permissions through access control instructions (ACI) for the following:
If you have not already done so, create a browsing index for the changelog. If you use the Directory Server user interface, then by default, a vlvsearch object named “MCC cn=changelog” and a vlvindex object named “SN MCC cn=changelog” will be created.
Set permissions through access control instructions (ACI) so that the Identity Manager account has read, compare, and search rights for the following:
The changelog (cn=changelog)
The vlvsearch object (cn=”MCC cn=changelog”,cn=config,cn=ldbm)
The vlvindex object (“SN MCC cn=changelog”,cn=config,cn=ldbm)
On some versions of Directory Server, the changelog nsLookThroughLimit attribute has a hard-coded value of 5,000. To avoid hitting the changelog lookthrough limit, restrict the maximum number of changelog entries that are kept on the server to less than 5,000. To avoid losing changelog entries, set the polling frequency for the adapter to a short interval.