authorGuilhem Moulin <guilhem@fripost.org>2014-07-10 02:10:20 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:56 +0200
commit520ca74cdac5bc15b0d28f7a313730655c95d9c8 (patch)
tree8d7fa3893b7a5577a0b524252e67efdc5aef4eb9 /roles/common-LDAP
parentb972b4beb773a5567eb1190e4a44a05d88193f94 (diff)
Add extra indexes on the LDAP provider.
Those will be useful for the tools.
Diffstat (limited to 'roles/common-LDAP')
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j214
1 files changed, 11 insertions, 3 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index 874bd9d..7d841b8 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -71,51 +71,59 @@ olcDbConfig: set_cachesize 0 5242880 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
# The root user has all rights on the whole database (when SASL-binding
# on a UNIX socket).
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
# Ensure that all DIT access is made according to the LDAPv3 protocol,
# and must use 1/ authentication, and 2/ SASL or TLS. (Local clients
# should use ldapi:// and SASL/EXERNAL, while remote clients should use
# TLS.)
# XXX: olcRequires: none LDAPv3 authc strong
olcRequires: none LDAPv3 authc
olcSecurity: simple_bind=128 ssf=128 update_ssf=128
#
#
########################################################################
# Performance considerations
#
# To reindex an existing database, you have to
# * Stop slapd sudo service slapd stop
-# * Reindex su openldap -c "slapindex -b 'dc=fripost,dc=org'"
+# * Reindex sudo -u openldap slapindex -b 'dc=fripost,dc=org'
# * Restart slapd sudo service slapd start
#
olcDbIndex: objectClass eq
# Let us make Postfix's life easier.
-{% if 'MX' in group_names or 'MDA' in group_names %}
+{% if 'LDAP-provider' in group_names %}
+olcDbIndex: fvd,fvl eq,sub
+olcDbIndex: fripostIsStatusActive eq
+{% elif 'MX' in group_names or 'MDA' in group_names %}
olcDbIndex: fripostIsStatusActive,fvd,fvl eq
{% endif %}
-{% if 'MX' in group_names %}
+{% if 'LDAP-provider' in group_names %}
+olcDbIndex: fripostOptionalMaildrop,fripostMaildrop eq,sub
+olcDbIndex: fripostCanAddAlias,fripostCanAddList,fripostOwner,fripostPostmaster,fripostListManager eq
+{% elif 'MX' in group_names %}
olcDbIndex: fripostOptionalMaildrop pres
{% endif %}
+{% if 'LDAP-provider' in group_names %}
+{% endif %}
{% if ('LDAP-provider' not in group_names and
('MX' in group_names or 'lists' in group_names)) or
'LDAP-provider' in group_names and
(groups.MX | difference([inventory_hostname]) or
groups.lists | difference([inventory_hostname])) %}
# SyncProv/SyncRepl specific indexing.
olcDbIndex: entryCSN,entryUUID eq
{% endif%}
#
#
# References
# - https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning_5.0
# - http://www.openldap.org/doc/admin24/tuning.html
# - http://www.openldap.org/faq/data/cache/42.html
# - http://www.openldap.org/faq/data/cache/136.html
# - http://www.zytrax.com/books/ldap/apa/indeces.html
#
#
########################################################################
# Sync Replication
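Review bot: On a host that is in both `LDAP-provider` and `MX`, the new `if`/`elif` chain skips the `MX` branch, so `fripostOptionalMaildrop` loses the `pres` index it had before this change and only gets `eq,sub`. An equality or substring index does not serve a presence filter such as `(fripostOptionalMaildrop=*)`, so if the Postfix lookups on such a host use one (not visible here), they would fall back to an unindexed scan. The later condition using `groups.MX | difference([inventory_hostname])` suggests combined hosts are expected. Consider `olcDbIndex: fripostOptionalMaildrop,fripostMaildrop pres,eq,sub` in the provider branch. The empty `{% if 'LDAP-provider' in group_names %}` / `{% endif %}` pair added just below it renders nothing and should be dropped or filled in.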