Edirectory Indexes


EDirectory utilizes indexes for all operations regardless of if they are NDS operations or LDAP operations.

Background on LDAP Indexes that are not Edirectory specific.

LDIF eDirectory Indexes#

You can use LDIF to create or maintain eDirectory Indexes

Edirectory Indexes Examples#

indexDefinition format for LDAP

Table below, in order of appearance, the value for the "indexDefinition" values that are delimited by "$" are as follows:

VersionUser-defined Index NameIndex StateIndex RulesIndex TypeIndex value stateNDS Attribute Name
0Given Name0011Given Name
0Purge Vector0031Purge Vector
0Passwords Used0031Passwords Used
0Object Class0031Object Class
0Obituary Notify0031Obituary Notify
0Permanent Config Parms0031Permanent Config Parms
0SecurityEquals0001Security Equals

Index version#

Reserved for future use. Currently in eDirectory version as of 8.8, this should always be set to zero (0).

User-defined Index Name#

The user-defined index name field is a readable description identifying the index on the index management page. Family Name Substring and Zip Code Value are examples of the types of strings that should be used in this field. The administrator can define any name that makes sense to him.

Novell does suggest, however, that the index name should not contain the '$' character. This character is the delimiter between the 7 strings in the attribute value. If you use the '$' character in one of the strings, you must escape it when trying to work with the indexes via LDAP.

A Best Practice is to identify the index "type' by appending a code to the end of the name. As an example:

  • cn - for a value search
  • CN_SS - For cn attribute with a Sub-String search
  • CN_P - for a presence value search (Best Practice says use value vs presence)

We ONLY except in rare circumstances recommend anything but a Value index for eDirectory

Index State#

  • Offline or suspended (0) - Currently suspended; can be started by clicking Change State.
  • Bringing online (1) - Currently running; can be suspended by clicking Change State.
  • Online (2) - Currently running; can be suspended by clicking Change State.
  • Pending creation (3) - The index has been defined and is waiting for the background process to begin its operation.

Index Rules#

  • Equality or Value indexes (0) - matches the entire value or the first part of the value of an attribute. For example, value matching could be used to find entries with a LastName that is equal to "Jensen" and entries with a LastName that begins with "Jen."
  • Presence Index (1) - requires only the presence of an attribute rather than specific attribute values. A query to find all entries with a Login Script attribute would use a presence index. Best practice says use the value index as there is so little index cost of value over presence.
  • SubstringIndex (2) - matches a subset of the attribute value string. For example, a query to find a LastName with "der" would return matches for Derington, Anderson, and Lauder. A substring index is the most resource-intensive index to create and maintain.

Index Type#

  • 0 - User - This type is user-defined and is the only type that can be added using Index Manager.
  • 1 - Auto Added - eDirectory automatically adds these index types during attribute creation.
  • 2 - Operational - This type must be present to run the system. This type cannot be edited or deleted.
  • 3 - System - This type must be present to run the system. This type cannot be edited or deleted.

NOTE: In eDirectory 8.7 and higher new functionality was added:
Called FLAIM Attribute Containerization If any entry in the tree has an FLAIM Attribute Containerization rules an index for the attribute will be automatically added by the system. The resulting index will be of type "system" and not of type "auto-added" as it may be expected.

Due to the underlying structure of the eDirectory database, system-added indexes provide better access times for LDAP queries.

Index value state#

Specifies the source of the index. When defining an index, set this string to 1. eDirectory supports the following values:
  • 0 - Uninitialized
  • 1 - Added from Server
  • 2 - Added from Local DIB
  • 3 - Deleted from Local DIB
  • 4 - Modified from Local DIB

NDS Attribute Name.#

The attribute name string contains the NDS attribute name. In many cases, attributes have both an NDS name with an LDAP name mapped to it. Be sure to use the NDS name for the attribute. When you create an index using iManager, this is not an issue because you select from the list of known NDS attribute names. When you create an index using LDAP, make sure you use the appropriate NDS attribute name, not the LDAP mapped attribute name. Be careful to escape any characters that require escaping.

LDIF Example of Index#

This shows a typical index value as would be used for LDIF to add an index to a server:
dn: cn=testServer-NDS,o=Novell
changetype: modify
add: indexDefinition
indexDefinition: 0$indexName$2$2$0$1$attributeName

IndexMan Script#

A script to manage eDirectory indexes.

ndsindex Utility#

Novell's ndsindex Utility.

Cost of Indexes#

Some notes on the cost or performance of Indexes.

How to Supercharge LDAP Searches with NDS eDirectory Indexes#

Some information from Novell on eDirectory Indexes which although is somewhat older, is mostly still relevant.



More Information#

There might be more information for this subject on one of the following: