1

I am currently busy with learning LDAP. I have a problem with indexes. I know that they are used to improve the performance. However, I could not understand the working principle of indexes in LDAP. For example, as LDAP server, I am working with OpenDJ. There, I can see that attribute sn (surname) does have 5 different index types, which are approximate, Equality, Ordering, Presence and Substring. However, only Ordering is checked.

user207421
  • 305,947
  • 44
  • 307
  • 483
Bernhard Colby
  • 311
  • 5
  • 17
  • 1
    Are you going to award this to someone that's already answered or do you want more detail? I think EJP's answer could be expanded on by him if you need more detail but you need to let him know or he may not see this bounty. – Harry May 05 '16 at 18:30
  • The EJP answered the question after I marked drJava´s answer as correct. That is why, I do not want to change the correct answer, even if the other answer is more detailed. – Bernhard Colby May 05 '16 at 19:56
  • 2
    I think you can change the correct answer. I also think it's encouraged ie the best answer should be at the top so people coming to this question see it. If you think a different answer is correct change it and then give drJava an upvote so they only lose 5 instead of 15 points. – Harry May 05 '16 at 19:59
  • Sorry, I'm not following, why would you close your account? – Harry May 05 '16 at 21:10
  • 1
    I'm really not a point seeker but I find your allocation of the bounty here absolutely bizarre. First you marked a wrong answer as correct, then when it was fixed merely to agree with a comment you gave it the bounty instead of the answer you re-marked as correct. How can an answer get the bounty when another is correct and when all the correct information in it originated elsewhere? – user207421 May 05 '16 at 22:19
  • 1
    Firstly, without knowing the topic, I cannot differentiate whether the answer is correct or not. However, at the end, he corrected also his answer. His answer was marked as correct but with the suggestion of Harry, I changed it and marked your answer as correct, because it was more detailed. Secondly, I wanted to encourage new users. It is a kind of doping for them to get such bonuses. – Bernhard Colby May 05 '16 at 22:43
  • 1
    You haven't addressed any of my questions. How can a wrong answer be correct, and how can an answer with content taken from its own adverse comments be worthy of a bonus? You should be prioritizing *value*, not an extraneous attribute of the poster. At the moment you are just encouraging mere guesswork over detailed research. – user207421 May 06 '16 at 00:23
  • I upvoted some of your answers in compensation for this bounty. I hope, I could make both sites happy. – Bernhard Colby May 06 '16 at 10:04
  • 1
    I repeat. I'm not asking for the bounty, or for random upvoteseither. I'm commenting on the stupidity of awarding your bounty to the worst answer on the page. Your own answer was better. You would be better off not awarding the bounty at all rather than awarding it to blatant guesswork and subsequent plagiarism. Don't reward failure. – user207421 May 16 '16 at 00:03

3 Answers3

4

I could not understand the working principle of indexes in LDAP.

Same as indexes in a database. To speed up queries and updates. Indexes can be provided for any attribute but only the ones that feature in searches should be indexed. You can index an LDAP database with somewhat more abandon than a DBMS because the assumed read::write ratio is much higher, typically 9::1 or more as against 3::1 for an RDBMS, so the cost of indexing on inserts and updates is relatively much less.

For example, as LDAP server, I am working with OpenDJ. There, I can see that attribute sn (surname) does have 5 different index types, which are approximate, Equality, Ordering, Presence and Substring.

These correspond to the different operators you can use in an LDAP search filter: 

  filter     = "(" filtercomp ")"
    filtercomp = and / or / not / item
    and        = "&" filterlist
    or         = "|" filterlist
    not        = "!" filter
    filterlist = 1*filter
    item       = simple / present / substring / extensible
    simple     = attr filtertype value
    filtertype = equal / approx / greater / less
    equal      = "="
    approx     = "~="
    greater    = ">="
    less       = "<="
    extensible = attr [":dn"] [":" matchingrule] ":=" value
                 / [":dn"] ":" matchingrule ":=" value
    present    = attr "=*"
    substring  = attr "=" [initial] any [final]
    initial    = value
    any        = "*" *(value "*")
    final      = value
    attr       = AttributeDescription from Section 4.1.5 of [1]
    matchingrule = MatchingRuleId from Section 4.1.9 of [1]
    value      = AttributeValue from Section 4.1.6 of [1]

However, only Ordering is checked.

Do you mean only this option is selected in some administrative GUI? If so, only a conventional ordering index is maintained for that attribute. This can be used for all the operators but it is allegedly slower. [Personally I have never understood why LDAP implementors think they're in the database business at all, don't use standard databases, and insist on providing their own.]

user207421
  • 305,947
  • 44
  • 307
  • 483
2

When a client requests a directory search operation, the client sends the server a filter expression such as (&(uid=jensen)(l=Stavanger)). The server then uses applicable indexes to find entries with attribute values likely to match the search. If no indexes are applicable, then the server potentially has to go through all entries to look for candidate matches.

Looking through all entries is resource-intensive for large directories. For this reason, the unindexed-search privilege, allowing users to request searches for which no applicable index exists, is reserved for the directory root user by default.

Source

Ad Infinitum
  • 3,560
  • 27
  • 33
-2

LDAP indexes can be thought as database indexes. indexes are improving performance of complex LDAP search requests. I hope, this helps.

drJava
  • 697
  • 2
  • 9
  • 24