7.2. Creating Standard Indexes

This section describes how to create presence, equality, approximate, substring, and international indexes for specific attributes using the Directory Server Console and the command line.
When a new index type is created, that index is used as a template for any additional databases as they are added. The Directory Server uses the current set of default indexes defined for the instance as the basis for additional databases.
However, new indexes are not added to existing databases automatically, though they can be added manually. This means that if you add a default index to your second database instance, it will not be maintained in your first database instance but will be maintained in any subsequent instances. To apply a new index to an existing database, run the db2index.pl script or run a cn=index,cn=tasks task, as described in Section 7.3, “Applying New Indexes to Existing Databases”.

7.2.1. Creating Indexes from the Server Console

To create presence, equality, approximate, substring, or international indexes:
  1. Select the Configuration tab.
  2. Expand the Data node, expand the suffix of the database to index, and select the database.
  3. Select the Indexes tab in the right pane.


    Do not click the Database Settings node because this opens the Default Index Settings window, not the window for configuring indexes per database.
  4. If the attribute to be indexed is listed in the Additional Indexes table, go to step 6. Otherwise, click Add Attribute to open a dialog box with a list of all of the available attributes in the server schema.
  5. Select the attribute to index, and click OK.
    The server adds the attribute to the Additional Indexes table.
  6. Select the checkbox for each type of index to maintain for each attribute.
  7. To create an index for a language other than English, enter the OID of the collation order to use in the Matching Rules field.
    To index the attribute using multiple languages, list multiple OIDs separated by commas, but no whitespace. For a list of languages, their associated OIDs, and further information regarding collation orders, see Appendix C, Internationalization.
  8. Click Save.
The new index is immediately active for any new data that you add and any existing data in your directory. You do not have to restart your server.

7.2.2. Creating Indexes from the Command Line


You cannot create new system indexes because system indexes are hard-coded in Directory Server.
Use ldapmodify [6] to add the new index attributes to your directory.
  • To create a new index that will become one of the default indexes, add the new index attributes to the cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config entry.
  • To create a new index for a particular database, add it to the cn=index,cn=database_name,cn=ldbm database,cn=plugins,cn=config entry, where cn=database_name corresponds to the name of the database.


Avoid creating entries under cn=config in the dse.ldif file. The cn=config entry in the simple, flat dse.ldif configuration file is not stored in the same highly scalable database as regular entries. As a result, if many entries, particularly entries that are likely to be updated frequently, are stored under cn=config, performance will probably suffer. Although we recommend you do not store simple user entries under cn=config for performance reasons, it can be useful to store special user entries such as the Directory Manager entry or replication manager (supplier bind DN) entry under cn=config since this centralizes configuration information.
For information on the LDIF update statements required to add entries, see Section 3.3, “Using LDIF Update Statements to Create or Modify Entries”.
For example, to create presence, equality, and substring indexes for the sn (surname) attribute in the Example1 database:
  1. Open the Directory Server LDAP tool directory.
    cd /usr/lib64/mozldap
  2. Run ldapmodify.
    /usr/lib64/mozldap/ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
    The ldapmodify utility binds to the server and prepares it to add an entry to the configuration file.
  3. Add the LDIF entry for the new indexes:
    dn: cn=sn,cn=index,cn=Example1,cn=ldbm database,cn=plugins,cn=config
    The cn attribute contains the name of the attribute to index, in this example the sn attribute. The entry is a member of the nsIndex object class. The nsSystemIndex attribute is false, indicating that the index is not essential to Directory Server operations. The multi-valued nsIndexType attribute specifies the presence (pres), equality (eq) and substring (sub) indexes. Each keyword has to be entered on a separate line. The nsMatchingRule attribute in the example specifies the OID of the Bulgarian collation order; the matching rule can indicate any possible value match, such as languages or other formats like date or integer.
    You can use the keyword none in the nsIndexType attribute to specify that no indexes are to be maintained for the attribute. This example temporarily disables the sn indexes on the Example1 database by changing the nsIndexType to none:
    dn: cn=sn,cn=index,cn=Example1,cn=ldbm database,cn=plugins,cn=config
For a complete list of matching rules and their OIDs, see Section 8.3.4, “Using Matching Rules”, and for the index configuration attributes or the ldapmodify command-line utility, see the Directory Server Configuration and Command-Line Tool Reference.


Always use the attribute's primary name (not the attribute's alias) when creating indexes. The primary name of the attribute is the first name listed for the attribute in the schema; for example, uid for the user ID attribute.

[6] The LDAP tools referenced in this guide are Mozilla LDAP, installed with Directory Server in the /usr/lib64/mozldap directory on Red Hat Enterprise Linux 5 (64-bit); directories for other platforms are listed in Section 1.3, “LDAP Tool Locations”. However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL and allow simple authentication.