Overview#FLAIM Attribute Containerization is when EDirectory IndexDefinitions are created automatically by the system
EDirectory does not permit deleting system indexes and hence, any attempt to delete them gives an error.EDirectory 220.127.116.11 (40002.79) to EDirectory 18.104.22.168 (40004.44).
It is possible to revert the behavior of eDirectory to its pre-eDirectory 9 behavior, simply add the line:_ndsdb.ini file and restart eDirectory.
Disable FLAIM Attribute Containerization EDirectory 22.214.171.124 (40005.12) and Later#To workaround this issue, add the following value in the in _ndsdb.ini file in the DIB directory, and then restart ndsd: eDirectory provides you the flexibility of scheduling the attribute movement. You first view the attributes that are ready to be moved and then schedule their movement as per your convenience.
This prevents the attributes from being moved to the attribute container. However, this command will not affect the attributes that are already there in the container.
We have also seen conditions where there were a very large number of attributes in use on many entries. When one of the entries added the 25th value, the existing index is dropped and the system index is created. When this happens, there is a time when there is no Edirectory Indexes on an attribute. This causes very slow searches.
When there are many entries with several values, creating the new index took forever.
Additional Information#You may experience a -6029 attribute in maintenance mean Error. This implies a system generated index in being created. This will happen if
- an attribute has more than 25 values
- an attribute value is greater than 2048 bytes.
Under these conditions an index will be created for the attribute. At the FLAIM level a new attribute container is created. Then all objects in the dib are scanned for this attribute. If found the attribute is moved from the object's container to the new attribute container. How long does this "maintenance" process may take depends on the following factors:
- How large the eDirectory database (DIB) is.
- How many entries contain this attribute.
- How busy the server is with other processes.
While an attribute is in maintenance mode, modifications or queries that directly involve this attribute are not allowed until this process completes.
For most environments, hitting this condition will not be a problem, it just depends on how long it takes to complete and if the unavailability of this attribute for a span of time is going to effect critical production type processes. To disable the automatic containerization of attributes, add disablemovetoattrcontainer =1 in the _ndsdb.ini file and restart eDirectory.
Scheduling FLAIM Attribute Containerization#FLAIM Attribute Containerization Scheduling is painful and requires gathering the following information form different utilities:
- PseudoServer LocalEntryID
- Attributes which qualify for movement to new FLAIM Attribute Containerization
|02/16/17 04:22:25 PM 1:13||Present||dicFusion|
|08/24/17 04:09:42 PM 1:11||Present||NDSPKI:Key Material DN|
You can start the attribute containerization by using the single object Ndsrepair option of ndsrepair for the Pseudo server object. To containerize an attribute, issue the ndsrepair command with the new advance switch -am followed by the name of the attribute as below:
ndsrepair –J <Pseudo server object ID> –Ad –AM/–am <attribute name>
More Information#There might be more information for this subject on one of the following:
- Edirectory Indexes
- FLAIM Attribute Containerization
- Preventing eDirectory from Auto Adding Indexes
- Web Blog_blogentry_140415_1
- [#1] - FLAIM Attribute Containerization# - based on information obtained 2019-01-22-
- [#2] - Replicas take a lot longer to be added to servers running eDirectory 9.0 - based on information obtained 2019-02-26-
- [#2] - Indexes no longer created automatically when attribute values >25 or > 2048 bytes - based on information obtained 2019-02-26-