On 3/28/22 4:35 PM, Kathy Zhu wrote:
Thank you, Mark!
Actually, since the typo, I read the manual page and googled
db2index.pl <http://db2index.pl> command. It is suggested to stop the
dirsrv process before running the command. If there were no typo, I
would run it without stopping. Thank you!
Yes that would be better, and faster, but the command line tool is
"db2index" in that case, and not the perl script version "db2index.pl".
Thanks,
Mark
Kathy.
On Mon, Mar 28, 2022 at 1:03 PM Mark Reynolds <marey...@redhat.com> wrote:
Ugh, sorry had a typo, each attribute is specified with "-t". So
replace the "-a" with a "-t":
db2index.pl <http://db2index.pl> -D "cn=directory manager" -w
Nur09089 -n userroot -t changenumber:eq -t targetuniqueid:eq
Mark
On 3/28/22 3:44 PM, Kathy Zhu wrote:
Hi Mark,
Thank you! After modifying the DB, when tried to index, I ran into:
[root@ipa2 ~]# db2index.pl <http://db2index.pl> -D "cn=directory
manager" -w Nur09089 -n userroot -t changenumber:eq -a
targetuniqueid:eq
ERROR - Unknown option: -a
Usage: db2index.pl <http://db2index.pl> [-Z serverID] [-D rootdn]
{ -w password | -w - | -j filename } [-P protocol]
-n backendname [-t attributeName[:indextypes[:matchingrules]]]
[-T vlvTag] [-h]
Options:
-D rootdn - Directory Manager
-w password - Directory Manager's password
-w -- Prompt for Directory Manager's password
-j filename - Read Directory Manager's password from file
-Z serverID - Server instance identifer
-n backendname- Backend database name.Example: userRoot
-t attributeName[:indextypes[:matchingrules]]
- attributeName: name of the attribute to be indexed
If omitted, all the indexes defined for that instance are generated.
- indextypes: comma separated index types
- matchingrules: comma separated matrules
Example: -t foo:eq,pres
-T vlvTag - VLV index name
-P protocol - STARTTLS, LDAPS, LDAPI, LDAP (default: uses most
secure protocol available)
-h- Display usage
[root@ipa2 ~]#
I am not familar with 389 DB, worry about making mistake here.
Will you please help with the syntax? Thanks.
Kathy.
On Mon, Mar 28, 2022 at 11:44 AM Mark Reynolds
<marey...@redhat.com> wrote:
Kathy,
You need to make sure there are equality indexes for the
following attributes:
* changenumber
* targetuniqueid
Run these commands on all your servers:
# ldapmodify -D "cn=directory manager" -W
dn: cn=changenumber,cn=index,cn=userroot,cn=ldbm
database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: nsIndex
cn: changenumber
nsSystemIndex: false
nsIndexType: eq
# ldapmodify -D "cn=directory manager" -W
dn: cn=targetuniqueid,cn=index,cn=userroot,cn=ldbm
database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: nsIndex
cn: targetuniqueid
nsSystemIndex: false
nsIndexType: eq
You might already have one of these indexes already present,
so if you get an error 68 (already exists) it's ok. I think
changenumber is already present, but targetuniqueid is the
one that is missing.
Then you need to index these attributes:
# db2index.pl <http://db2index.pl> -D "cn=directory
manager" -w - -n userroot -t changenumber:eq -a targetuniqueid:eq
That should do it.
HTH,
Mark
On 3/28/22 1:50 PM, Kathy Zhu via FreeIPA-users wrote:
Happy Monday, List!
On my IPA server, top shows dirsrv using lots of resources,
when checking, I found this:
[root@ipa2 ~]# systemctl status dirsrv@EXAMPLE-COM.service -l
...
Mar 28 09:29:56 ipa2.example.com <http://ipa2.example.com>
ns-slapd[1945]: [28/Mar/2022:09:29:56.142846906 -0700] -
NOTICE - ldbm_back_search - Internal unindexed search:
source (cn=server,cn=plugins,cn=config) search
base="cn=changelog" scope=2
filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
conn=0 op=0
Mar 28 09:31:14 ipa2.example.com <http://ipa2.example.com>
ns-slapd[1945]: [28/Mar/2022:09:31:14.176933263 -0700] - ERR
- log_result - Internal unindexed search: source
(cn=server,cn=plugins,cn=config) search base="cn=changelog"
filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
etime=78.977553767 nentries=459824notes=A
Mar 28 09:31:23 ipa2.example.com <http://ipa2.example.com>
ns-slapd[1945]: [28/Mar/2022:09:31:23.311185621 -0700] -
NOTICE - ldbm_back_search - Internal unindexed search:
source (cn=server,cn=plugins,cn=config) search
base="cn=changelog" scope=2
filter="(&(changenumber>=-1)(targetuniqueid=7315af86-7b1911e8-83e6fb86-bfdbf4a5))"
conn=0 op=0
...
Googled and found this bug -
https://bugzilla.redhat.com/show_bug.cgi?id=1951020
However, the bug is for Red Hat 8.3 while we are in Centos 7.9:
CentOS Linux release 7.9.2009 (Core)
ipa-*server*.x86_64 4.6.8-5.el7.centos.7
*slapi-nis*.x86_640.56.5-3.el7_9
*389*-ds-base.x86_641.3.10.2-12.el7_9
*389*-ds-base-libs.x86_64 1.3.10.2-12.el7_9
Any idea of what's going on and how to fix it?
Thanks!
Kathy.
_______________________________________________
FreeIPA-users mailing list --freeipa-users@lists.fedorahosted.org
To unsubscribe send an email
tofreeipa-users-le...@lists.fedorahosted.org
Fedora Code of
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report
it:https://pagure.io/fedora-infrastructure
--
Directory Server Development Team
--
Directory Server Development Team
--
Directory Server Development Team
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
