When the rpc.nisd daemon is asked to enumerate an NIS+ table (using niscat(1) for example) that is mapped from LDAP, it will enumerate the corresponding LDAP container if at least one entry in the table has an expired TTL. Although this container enumeration is done in the background, so that LDAP performance is of limited importance, it can nevertheless be beneficial to establish LDAP indices to speed up container enumeration for large containers.
To obtain an estimate of the amount of time required for enumeration of a particular container, you can use a command like the following.
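% /bin/time ldapsearch -h server-address -D bind-DN -w password \
    -b container,search-base 'cn=*' > /dev/null

where:

server-address: IP address portion of preferredServerList value from /etc/default/rpc.nisd
bind-DN: nisplusLDAPproxyUser value from /etc/default/rpc.nisd
password: nisplusLDAPproxyPassword value from /etc/default/rpc.nisd
container: One of the RFC 2307 container names (ou=Services, ou=Rpc, and so on)
search-base: defaultSearchBase value from /etc/default/rpc.nisd

Because -w places the proxy password on the command line, it is visible in the process listing while the search runs. The Solaris ldapsearch(1) also accepts -j filename to read the password from a file instead.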
The “real” value printed by /bin/time is the elapsed (wall-clock) time. If this value exceeds a significant fraction (25 percent or more) of the TTL for the corresponding table entries (see Authentication and Security), it might be beneficial to index the LDAP container.
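The 25 percent comparison described above can be scripted. The following is an added example, not part of the original documentation: the function names, the sample timing and the 300-second TTL are constructed, and the handling of colon-separated times is an assumption about how longer runs are printed.

```shell
#!/bin/sh
# Added example (not from the original page).

# real_seconds: read /bin/time output on stdin, print the "real" value in seconds.
# Accepts plain seconds (12.3); colon forms (m:ss.s, h:mm:ss.s) are handled as
# an assumption about how longer runs are printed.
real_seconds() {
    awk '$1 == "real" {
            n = split($2, part, ":"); secs = 0
            for (i = 1; i <= n; i++) secs = secs * 60 + part[i]
            printf "%.1f\n", secs; found = 1; exit
         }
         END { if (!found) exit 1 }'
}

# needs_index REAL_SECONDS TTL_SECONDS
# Exit 0 when REAL is 25 percent or more of the TTL, 1 when it is less,
# 2 when the TTL is not a positive number.
needs_index() {
    awk -v real="$1" -v ttl="$2" 'BEGIN {
        if (ttl + 0 <= 0) exit 2
        exit ((real * 100 >= ttl * 25) ? 0 : 1)
    }'
}

# check_enumeration TTL_SECONDS: read /bin/time output on stdin, print a verdict.
check_enumeration() {
    real=$(real_seconds) || { echo "no 'real' line in input" >&2; return 2; }
    if needs_index "$real" "$1"; then
        echo "index: ${real}s is 25 percent or more of the ${1}s TTL"
    elif [ $? -eq 1 ]; then
        echo "ok: ${real}s is under 25 percent of the ${1}s TTL"
    else
        echo "TTL must be a positive number of seconds" >&2; return 2
    fi
}

# Constructed sample of /bin/time output, checked against a constructed 300 s TTL.
# Live use: /bin/time ldapsearch ... > /dev/null 2> time.out
#           check_enumeration TTL < time.out
printf 'real       95.4\nuser        0.3\nsys         0.1\n' | check_enumeration 300
```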
The rpc.nisd daemon supports the simple page and VLV indexing methods. Refer to your LDAP server documentation to find out which indexing methods it supports, and how to create such indices.