You notice entries like these in your logfiles:
Nov 5 15:06:39 ucs slapd: <= mdb_equality_candidates: (<ucsAttr1>) not indexed Nov 5 15:06:40 ucs slapd: <= mdb_equality_candidates: (<ucsAttr2>) not indexed
Note: You must adopt the attribute name in brackets
<ucsAttr>to the one from your specific message!
These entries indicate attributes not being indexed for faster search. In case you see these messages really often you might generate an index for the attributes in question (
<ucsAttr>) - adopt it to the one in your message!
Note: To create the index you have to stop your OpenLDAP server. This causes interruption in service. The indexing should not take more than a couple of minutes. Consider to perform these steps during maintenance.
systemctl stop slapd /usr/share/univention-ldap/ldap_setup_index --add-eq ucsAttr1 --add-eq ucsAttr2 systemctl start slapd
If you want to make sure more data is being indexed, perform the following steps to find all attributes not indexed.
First, make sure (r)syslog will log all messages from ldap and not suppress due to flooding:
ucr set syslog/limit/burst=0 ucr set syslog/limit/interval=0 systemctl restart rsyslog systemctl restart syslog
Enable debug logging for ldap:
ucr set ldap/debug/level=257 systemctl restart slapd
Monitor logfile for matching entries
tail -f /var/log/syslog | grep "not indexed"
Create the indexes as shown above