When performing an LDAP search, most performance problems are due to the fact that indexes are not present or are not properly configured. By default, the Directory Server is configured so that lookups issued by Communications Express or by Connector for Microsoft Outlook are indexed and should return in a reasonable amount of time. Nevertheless, the Directory Server is not set up for international searches. So one need to alter the existing indexes so that they take into account the collation rules that have been chosen. This is described in the “Managing Indexes” section in the Sun Java System Directory Server 5 2005Q1 Administration Guide.
For example, the CN attribute is indexed by default in the userRoot suffix:
# ldapsearch -D "cn=Directory manager" -b "cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" "objectclass=*" cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config objectClass=top objectClass=nsIndex cn=cn nsSystemIndex=false nsIndexType=pres nsIndexType=eq nsIndexType=sub
To enable it for international searches using the English (US) collation rules, add one nsMatchingRule attribute with the English (US) OID. The clients perform substring searches so it is necessary to add the substring suffix (“.6”) to the OID :
#ldapmodify -D "cn=Directory manager" dn: cn=cn,cn=index,cn=userRoot,cn=ldbm database, cn=plugins,cn=config changetype: modify add: nsMatchingRule nsMatchingRule: 126.96.36.199.188.8.131.52.184.108.40.206.1.6
Do not add any space, tab, or other non-visible characters at the beginning or at the end of the value.
The nsMatchingRule is a multivalued attribute. Different types of searches for the same OID, or different OIDs can be added.
One must then run the db2index.pl script located under serverroot/slapd-instance:
# perl db2index.pl -D "cn=Directory Manager" -w \ secret -n userRoot -t cn
This operation is run online and may take some time to finish. Alternatively the suffix can be reinitialized. See “Reinitializing a Suffix” in the Sun Java System Directory Server 5 2005Q1 Administration Guide.
The console can also be used to add the nsMatchingRule (see the “Managing Indexes” section in the Sun Java System Directory Server 5 2005Q1 Administration Guide).
In the following sections, the list of indexes that need to be modified is provided. Ensure that no non-indexed searches are performed. This can be done by looking at the Directory Server access log file (and looking for a notes=U in the search results entries).