Univention Bugzilla – Bug 47464
index: memberOf not indexed - mdb_equality_candidates
Last modified: 2024-02-08 11:54:18 CET
A customer reported the following syslog message: Aug 3 13:55:23 server slapd[8078]: <= mdb_equality_candidates: (memberOf) not indexed The reason might be the change of the default slapd debug level: Bug #47196.
I have noticed these log entries on a system with ldap/debug/level=0. The critical part is that we have a KB article (https://help.univention.com/t/problem-log-entries-mdb-equality-candidates-o-not-indexed/10259) with a solution for other attributes. It appears as if this does not apply to memberOf. root@dcm:~# /usr/share/univention-ldap/ldap_setup_index --add-eq memberOf Multifile: /etc/ldap/slapd.conf CRITICAL:__main__:Error in OpenLDAP configuration: /etc/ldap/slapd.conf: line 143: index attribute "memberOf" undefined slaptest: bad configuration file! To fix this problem, memberOf has to be removed from the UCRV ldap/index/eq
see https://help.univention.com/t/mdb-equality-candidates-memberof-not-indexed-usr-share-univention-ldap-ldap-setup-index-fails/17190/2
The problem arises from the order of configuration statements in the slapd.conf file. Currently the index definitions come before the loading of the memberof module, so we simply have to change that, so OpenLDAP knows the attribute when the indices are specified. I guess we just need to rename management/univention-ldap-overlay-memberof/conffiles/etc/ldap/slapd.conf.d/41univention-ldap-overlay-memberof to 39univention-ldap-overlay-memberof , to make indexing possible. Regarding the warning message that is topic of this bug please note the general advice by Michael Ströder: https://unix.stackexchange.com/questions/451118/openldap-bdb-equality-candidates-memberof-not-indexed
Is indexing possible? I tried systemctl stop slapd slapindex systemctl start slapd Or should be something removed before?
> Is indexing possible? Reading Comment 3: Superpower! Short answer: No, not with the current slapd.conf
The customers hard disk filled up with the memberOf noch indexed messages. Nextcloud uses this attribute and seems to check it a lot
Can we please fix this? Again in a Ticket:2024011121000367