HP UX Red Hat Direry Server Software manual Managing Indexes

Chapter 10. Managing Indexes

Serverprocesses a search request as follows:

1.An LDAP client application sends a search request to the directory.

2.The directory examines the incoming request to make sure that the specified base DN matches a suffix contained by one or more of its databases or database links.

•If they do match, the directory processes the request.

•If they do not match, the directory returns an error to the client indicating that the suffix does not match. If a referral has been specified in the nsslapd-referralattribute under cn=config, the directory also returns the LDAP URL where the client can attempt to pursue the request.

•If the search request for each database attribute can be satisfied by a single index, then the server reads that index to generate a list of potential matches.

•If there is no index for the attribute, the directory generates a candidate list that includes all entries in the database, which makes the search considerably slower.

•If a search request contains multiple attributes, the directory consults multiple indexes and then combines the resulting lists of candidate entries.

•If there is an index for the attribute, the directory takes the candidate matches from the index files in the form of a series of entry ID numbers.

3.The directory uses the returned entry ID numbers to read the corresponding entries from the id2entry.db4 file. The Directory Server then examines each of the candidate entries to see

if any match the search criteria. The directory returns matching entries to the client as each is found.

The directory continues until either it has examined all candidate entries or it reaches the limit set in one of the following attributes:

nsslapd-sizelimitwhich specifies the maximum number of entries to return from a search operation. If this limit is reached, the directory returns any entries it has located that match the search request, as well as an exceeded size limit error.

•

nsslapd-timelimitwhich specifies the maximum number of seconds allocated for a search request. If this limit is reached, the directory returns any entries it has located that match the search request, as well as an exceeded time limit error.

•

nsslapd-lookthroughlimit, which specifies the maximum number of entries that the directory will check when examining candidate entries in response to a search request.

•

nsslapd-idlistscanlimitwhich specifies the maximum number of entries in an ID list before the list is considered to equal the entire database.

368