Updating the Indexes for International Searches (Tuning LDAP to Improve Searches in Communications Services Clients)

Tuning LDAP to Improve Searches in Communications Services Clients

Updating the Indexes for International Searches

During an LDAP search, most performance problems occur because indexes are not present or are not properly configured. By default, the Directory Server is configured so that lookups issued by Communications Express or by Connector for Microsoft Outlook are indexed and should return in a reasonable amount of time. Nevertheless, the Directory Server is not set up for international searches. you must alter the existing indexes so that they take into account the collation rules that have been chosen. How to alter the indexes is described in the “Managing Indexes” section in the Sun Java System Directory Server 5 2005Q1 Administration Guide.

For example, the CN attribute is indexed by default in the userRoot suffix:

ldapsearch -D "cn=Directory manager" -b 
"cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" 
"objectclass=*" 
cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 
objectClass=top objectClass=nsIndex 
cn=cn 
nsSystemIndex=false 
nsIndexType=pres 
nsIndexType=eq 
nsIndexType=sub

To enable the indexes for international searches using the English (US) collation rules, add one nsMatchingRule attribute with the English (US) OID. The clients perform substring searches, so add the substring suffix (.6) to the OID :

ldapmodify -D "cn=Directory manager"
dn: cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: modify
add: nsMatchingRule
nsMatchingRule: 1.3.6.1.4.1.42.2.27.9.4.34.1.6

Note –

Do not add a space, tab, or other non-visible characters at the beginning or at the end of the value.

The nsMatchingRule attribute is a multivalued attribute. Different types of searches for the same OID, or different OIDs can be added.

Run the db2index.pl script located under server-root/slapd-instance:

perl db2index.pl -D "cn=Directory Manager" -w \ 
secret -n userRoot -t cn

This script runs online and might take some time to finish. Alternatively, reinitialize the suffix. See “Reinitializing a Suffix” in the Sun Java System Directory Server 5 2005Q1 Administration Guide.

Use console to add the nsMatchingRule attribute (see the “Managing Indexes” section in the Sun Java System Directory Server 5 2005Q1 Administration Guide).

See the following sections for the indexes that need to be modified. Ensure that no non-indexed searches are performed by looking at the Directory Server access log file and for a notes=U in the search results.