HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

451

452

453

454

455

456

457

458

459

460

11.1.2.2 Overview of system indexes

System indexes cannot be deleted or modified. They are required by the directory to function

properly. Table 11-2 “System indexes” lists the system indexes included with the directory.

Table 11-2 System indexes

PurposePresEqAttribute

Allows the Directory Server to quickly obtain the access control information

maintained in the database.

aci

Used to help accelerate subtree searches in the directory.objectClass

Speeds up entry retrieval based on DN searches.entryDN

Enhances directory performance during one-level searches.parentID

Used by the Directory Server Console to enhance display performance on the

Directory tab.

numSubordinates

Used to search for specific entries.nsUniqueID

11.1.2.3 Overview of standard indexes

Because of the need to maintain default indexes and other internal indexing mechanisms, the

Directory Server also maintains certain standard index files. The standard index, id2entry.db4,

exists by default in Directory Server; you do not need to generate it.

The id2entry.db4 contains the actual directory database entries. All other database files can

be recreated from this one.

11.1.3 Overview of the searching algorithm

Indexes are used to speed up searches. To understand how the directory uses indexes, it helps

to understand the searching algorithm. Each index contains a list of attributes (such as the cn,

common name, attribute) and a pointer to the entries corresponding to each value. Directory

Server processes a search request as follows:

1. An LDAP client application such as the ldapmodify command, sends a search request to

the directory.

2. The directory examines the incoming request to make sure that the specified base DN matches

a suffix contained by one or more of its databases or database links.

• If they do match, the directory processes the request.

• If they do not match, the directory returns an error to the client indicating that the suffix

does not match. If a referral has been specified in the nsslapd-referral attribute

under cn=config, the directory also returns the LDAP URL where the client can

attempt to pursue the request.

• If the search request for each database attribute can be satisfied by a single index, then

the server reads that index to generate a list of potential matches.

• If there is no index for the attribute, the directory generates a candidate list that includes

all entries in the database, which makes the search considerably slower.

• If a search request contains multiple attributes, the directory consults multiple indexes,

then combines the resulting lists of candidate entries.

• If there is an index for the attribute, the directory takes the candidate matches from the

index files in the form of a series of entry ID numbers.

3. The directory uses the returned entry ID numbers to read the corresponding entries from

the id2entry.db4 file. The Directory Server then examines each of the candidate entries

11.1 About indexes 453