Preventing eDirectory from Auto Adding Indexes


Getting lots of system indexes created by IDM adding lots of values to some attributes.

Edirectory Indexes are created automatically (FLAIM Attribute Containerization) when an attribute has more than 25 values or if the value of the attribute is more than 2,048 bytes.

Such attributes are moved to a separate attribute container and indexes are created for them. These auto-generated indexes are marked as system indexes.

EDirectory does not permit deleting system indexes and hence, any attempt to delete them gives an error.

To workaround this issue, add the following value in the in _ndsdb.ini file in the DIB directory, and then restart ndsd:

This prevents the attributes from being moved to the attribute container. However, this command will not affect the attributes that are already there in the container.

We have also seen conditions where there were a very large number of attributes in use on many entries. When one of the entries added the 25th value, the existing index is dropped and the system index is created. When this happens, there is a time when there is no Edirectory Indexes on an attribute. This causes very slow searches.

When there are many entries with several values, creating the new index took forever.

Additional Information#

You may experience a -6029 attribute in maintenance mean Error. This implies a system generated index in being created. This will happen if
  • an attribute has more than 25 values
  • an attribute value is greater than 2048 bytes.

Under these conditions an index will be created for the attribute. At the FLAIM level a new attribute container is created. Then all objects in the dib are scanned for this attribute. If found the attribute is moved from the object's container to the new attribute container. How long does this "maintenance" process may take depends on the following factors:

  • How large the eDirectory database (DIB) is.
  • How many entries contain this attribute.
  • How busy the server is with other processes.

While an attribute is in maintenance mode, modifications or queries that directly involve this attribute are not allowed until this process completes.

For most environments, hitting this condition will not be a problem, it just depends on how long it takes to complete and if the unavailability of this attribute for a span of time is going to effect critical production type processes.

More Information#

There might be more information for this subject on one of the following: ...nobody