Bug 47464 - index: memberOf not indexed - mdb_equality_candidates
index: memberOf not indexed - mdb_equality_candidates
Status: NEW
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
https://unix.stackexchange.com/questi...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-07 12:15 CEST by Stefan Gohmann
Modified: 2024-02-08 11:54 CET (History)
11 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.257
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018080321000596, 2021071521000612, 2022080921000497, 2024011121000367, 2024011121000367
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2018-08-07 12:15:36 CEST
A customer reported the following syslog message:

Aug  3 13:55:23 server slapd[8078]: <= mdb_equality_candidates: (memberOf) not indexed

The reason might be the change of the default slapd debug level: Bug #47196.
Comment 1 Dirk Ahrnke univentionstaff 2020-10-09 12:07:40 CEST
I have noticed these log entries on a system with ldap/debug/level=0.

The critical part is that we have a KB article (https://help.univention.com/t/problem-log-entries-mdb-equality-candidates-o-not-indexed/10259) with a solution for other attributes.

It appears as if this does not apply to memberOf.

root@dcm:~# /usr/share/univention-ldap/ldap_setup_index --add-eq memberOf
Multifile: /etc/ldap/slapd.conf
CRITICAL:__main__:Error in OpenLDAP configuration:
/etc/ldap/slapd.conf: line 143: index attribute "memberOf" undefined
slaptest: bad configuration file!


To fix this problem, memberOf has to be removed from the UCRV ldap/index/eq
Comment 3 Arvid Requate univentionstaff 2021-03-12 19:52:27 CET
The problem arises from the order of configuration statements in the slapd.conf file.
Currently the index definitions come before the loading of the memberof module,
so we simply have to change that, so OpenLDAP knows the attribute when the indices are specified.

I guess we just need to rename  management/univention-ldap-overlay-memberof/conffiles/etc/ldap/slapd.conf.d/41univention-ldap-overlay-memberof to 39univention-ldap-overlay-memberof , to make indexing possible.


Regarding the warning message that is topic of this bug please note the general advice by Michael Ströder:

https://unix.stackexchange.com/questions/451118/openldap-bdb-equality-candidates-memberof-not-indexed
Comment 4 Christina Scheinig univentionstaff 2021-07-19 13:37:08 CEST
Is indexing possible?
I tried 

systemctl stop slapd
slapindex
systemctl start slapd

Or should be something removed before?
Comment 5 Arvid Requate univentionstaff 2021-07-21 12:07:22 CEST
> Is indexing possible?

Reading Comment 3: Superpower!

Short answer: No, not with the current slapd.conf
Comment 12 Christina Scheinig univentionstaff 2024-02-02 15:22:52 CET
The customers hard disk filled up with the memberOf noch indexed messages. Nextcloud uses this attribute and seems to check it a lot
Comment 13 Christina Scheinig univentionstaff 2024-02-08 11:54:18 CET
Can we please fix this? Again in a Ticket:2024011121000367