Bug 47464 - mdb_equality_candidates: (memberOf) not indexed
Status: NEW
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2018-08-07 12:15 CEST by Stefan Gohmann
Modified: 2021-03-12 19:52 CET
What kind of report is it?: Bug Report
What type of bug is this?: 1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.006
Enterprise Customer affected?: Yes
Ticket number: 2018080321000596


Description Stefan Gohmann univentionstaff 2018-08-07 12:15:36 CEST
A customer reported the following syslog message:

Aug  3 13:55:23 server slapd[8078]: <= mdb_equality_candidates: (memberOf) not indexed

The reason might be the change of the default slapd debug level: Bug #47196.
Comment 1 Dirk Ahrnke univentionstaff 2020-10-09 12:07:40 CEST
I have noticed these log entries on a system with ldap/debug/level=0.

The critical part is that we have a KB article (https://help.univention.com/t/problem-log-entries-mdb-equality-candidates-o-not-indexed/10259) with a solution for other attributes.

It appears as if this does not apply to memberOf.

root@dcm:~# /usr/share/univention-ldap/ldap_setup_index --add-eq memberOf
Multifile: /etc/ldap/slapd.conf
CRITICAL:__main__:Error in OpenLDAP configuration:
/etc/ldap/slapd.conf: line 143: index attribute "memberOf" undefined
slaptest: bad configuration file!

To fix this problem, memberOf has to be removed from the UCRV ldap/index/eq.
Comment 3 Arvid Requate univentionstaff 2021-03-12 19:52:27 CET
The problem arises from the order of configuration statements in the slapd.conf file.
Currently the index definitions come before the loading of the memberof module,
so we simply have to change that, so OpenLDAP knows the attribute when the indices are specified.

I guess we just need to rename management/univention-ldap-overlay-memberof/conffiles/etc/ldap/slapd.conf.d/41univention-ldap-overlay-memberof to 39univention-ldap-overlay-memberof, to make indexing possible.

Regarding the warning message that is the topic of this bug, please note the general advice by Michael Ströder:
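
The ordering problem described in Comment 3, as an added example that is not part of the bug report or of UCS: a check that reports `index` directives naming memberOf that are read before `moduleload memberof`. The fragment contents, the `30-`/`40-` file names, the name-sorted assembly and the attribute-to-module map are assumptions.

```python
import re
# Assumption: attributes that exist only after a module is loaded (attribute -> module).
MODULE_ATTRS = {"memberof": "memberof"}

def assemble(fragments):
    """Join slapd.conf.d-style fragments in file name order (assumed multifile behaviour)."""
    return "\n".join(text for _, text in sorted(fragments.items()))

def logical_lines(conf):
    """Yield (line_no, text); a line starting with whitespace continues the previous one."""
    current, start = "", 0
    for no, raw in enumerate(conf.splitlines(), 1):
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current:
            current += " " + raw.strip()
            continue
        if current:
            yield start, current
        current, start = raw.strip(), no
    if current:
        yield start, current

def early_indexes(conf, module_attrs=MODULE_ATTRS):
    """Return (line_no, attribute) for index directives read before the defining moduleload."""
    loaded, findings = set(), []
    for no, line in logical_lines(conf):
        words = line.split()
        if len(words) < 2:
            continue
        if words[0].lower() == "moduleload":
            # "moduleload memberof" and "moduleload /path/memberof.so" name the same module
            loaded.add(re.sub(r"\.(la|so)$", "", words[1].rsplit("/", 1)[-1]).lower())
        elif words[0].lower() == "index":
            findings += [(no, a) for a in words[1].lower().split(",")
                         if a in module_attrs and module_attrs[a] not in loaded]
    return findings

# Constructed fragments: only the two memberof file names come from the bug report.
DATABASE = 'database mdb\nsuffix "dc=example,dc=org"'
INDEXES = "index objectClass,memberOf eq"
MEMBEROF = "moduleload memberof\noverlay memberof"
CURRENT = {"30-constructed-database": DATABASE, "40-constructed-indexes": INDEXES,
           "41univention-ldap-overlay-memberof": MEMBEROF}
RENAMED = {"30-constructed-database": DATABASE, "40-constructed-indexes": INDEXES,
           "39univention-ldap-overlay-memberof": MEMBEROF}
if __name__ == "__main__":
    for name, layout in (("current", CURRENT), ("renamed", RENAMED)):
        print(name, early_indexes(assemble(layout)))
```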