Red Hat Directory Server 8.0 Administrator's Guide
Server processes a search request as follows:
1. An LDAP client application sends a search request to the directory.
2. The directory examines the incoming request to make sure that the specified base DN
matches a suffix contained by one or more of its databases or database links.
• If they do match, the directory processes the request.
• If they do not match, the directory returns an error to the client indicating that the suffix
does not match. If a referral has been specified in the nsslapd-referral attribute under
cn=config, the directory also returns the LDAP URL where the client can attempt to
pursue the request.
• If the search request for each database attribute can be satisfied by a single index, then
the server reads that index to generate a list of potential matches.
• If there is no index for the attribute, the directory generates a candidate list that includes all
entries in the database, which makes the search considerably slower.
• If a search request contains multiple attributes, the directory consults multiple indexes and
then combines the resulting lists of candidate entries.
• If there is an index for the attribute, the directory takes the candidate matches from the
index files in the form of a series of entry ID numbers.
3. The directory uses the returned entry ID numbers to read the corresponding entries from the
id2entry.db4 file. The Directory Server then examines each of the candidate entries to see
if any match the search criteria. The directory returns matching entries to the client as each is
found.
The directory continues until either it has examined all candidate entries or it reaches the limit
set in one of the following attributes:
• nsslapd-sizelimit, which specifies the maximum number of entries to return from a
search operation. If this limit is reached, the directory returns any entries it has located that
match the search request, as well as an exceeded size limit error.
• nsslapd-timelimit, which specifies the maximum number of seconds allocated for a
search request. If this limit is reached, the directory returns any entries it has located that
match the search request, as well as an exceeded time limit error.
• nsslapd-lookthroughlimit, which specifies the maximum number of entries that the
directory will check when examining candidate entries in response to a search request.
• nsslapd-idlistscanlimit, which specifies the maximum number of entries in an ID list
before the list is considered to equal the entire database.
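The following Python sketch is an added example, not code from Directory Server or from this guide. It models the search flow and three of the limits described above on a constructed in-memory directory, to show how an unindexed attribute or an oversized ID list turns a search into a scan of every entry. The function names, sample attributes and status strings are assumptions, and the behavior when the look-through limit is reached is simplified to returning the entries found so far.

```python
# Simplified model of the search flow described above; all data is constructed.
ALL_IDS = None  # sentinel: the candidate list equals the entire database

def build_directory(n=1000):
    """Constructed sample: uid and ou are indexed, description is not."""
    entries = {i: {"uid": f"user{i}", "ou": "eng" if i % 2 else "ops",
                   "description": "contractor" if i % 100 == 0 else "staff"}
               for i in range(1, n + 1)}
    indexes = {"uid": {}, "ou": {}}
    for eid, entry in entries.items():
        for attr in indexes:
            indexes[attr].setdefault(entry[attr], set()).add(eid)
    return entries, indexes

def candidates_for(attr, value, indexes, idlistscanlimit):
    """Return the entry IDs from the attribute's index, or ALL_IDS."""
    index = indexes.get(attr)
    if index is None:                   # no index: every entry is a candidate
        return ALL_IDS
    ids = index.get(value, set())
    if len(ids) > idlistscanlimit:      # ID list too long: treat as whole database
        return ALL_IDS
    return set(ids)

def search(entries, indexes, filt, sizelimit, lookthroughlimit, idlistscanlimit):
    """filt maps attribute -> value; every pair must match (an AND filter)."""
    combined = ALL_IDS
    for attr, value in filt.items():    # consult one index per attribute
        ids = candidates_for(attr, value, indexes, idlistscanlimit)
        if ids is not ALL_IDS:          # combine the candidate lists
            combined = ids if combined is ALL_IDS else combined & ids
    candidate_ids = sorted(entries) if combined is ALL_IDS else sorted(combined)

    results, examined = [], 0
    for eid in candidate_ids:
        if examined >= lookthroughlimit:
            return results, examined, "lookthrough limit reached"
        examined += 1
        entry = entries[eid]            # stands in for the id2entry read
        if all(entry.get(a) == v for a, v in filt.items()):
            if len(results) >= sizelimit:
                return results, examined, "size limit exceeded"
            results.append(eid)
    return results, examined, "ok"

if __name__ == "__main__":
    entries, indexes = build_directory()
    for filt in ({"uid": "user42"}, {"description": "contractor"}):
        found, examined, status = search(entries, indexes, filt, 2000, 5000, 4000)
        print(filt, "matches:", len(found), "examined:", examined, status)
```

The `examined` count is the figure to watch: the indexed `uid` search reads one entry, while the unindexed `description` search reads all 1000 unless the look-through limit stops it first.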
Chapter 10. Managing Indexes