PingDirectory

Indexing the LDAP changelog

The PingDirectory server supports attribute indexing in the Changelog Backend to allow Get Changelog Batch requests to filter results that include only changes involving specific attributes.

Normally, the PingDirectory server that receives a request must iterate over the whole range of changelog entries and then match entries based on search criteria for inclusion in the batch. The majority of this processing also involves determining whether or not the changelog entry includes changes to a particular attribute or set of attributes. Using changelog indexing, client applications can dramatically speed up throughput when targeting the specific attributes.

You can configure attribute indexing using the index-include-attribute and index-exclude-attribute properties on the Changelog Backend. The properties can accept the specific attribute name or special LDAP values * to specify all user attributes or + to specify all operational attributes.

To determine if the PingDirectory server supports this feature, view the Root DSE for the following entry.

supportedFeatures: 1.3.6.1.4.1.30221.2.12.3

Indexing a changelog attribute

Steps

  1. Use dsconfig to set attribute indexing on an attribute in the changelog backend.

    Example:

    Index different attributes by adding specific properties. In the following example, the command enables the Changelog Backend and sets the backend to include all user attributes (*) for ADD or MODIFY operations using the changelog-include-attribute property. The changelog-deleted-entry-include-attribute property is set to all attributes (*) to specify a set of attribute types that should be included in a changelog entry for DELETE operations. Attributes specified in this list are recorded in the deletedEntryAttrs attribute on the changelog entry when an entry is deleted. The attributes displayName and employeeNumber are indexed using the index-include-attribute property.

    $ bin/dsconfig set-backend-prop --backend-name changelog \
  --set "enabled:true" \
  --set "changelog-include-attribute:*" \
  --set "changelog-deleted-entry-include-attribute:*" \
  --set "index-include-attribute:displayName" \
  --set "index-include-attribute:employeeNumber"

  2. To add another attribute to index, use the dsconfig --add option, which adds the attribute to an existing configuration setting.

    Example:

    $ bin/dsconfig set-backend-prop --backend-name changelog \
  --add "index-include-attribute:cn"

Excluding attributes from indexing

Steps

  • Use dsconfig to set attribute indexing on all user attributes in the changelog backend.

    Example:

    The following command includes all user attributes except the description and location attributes.

    $ bin/dsconfig set-backend-prop --backend-name changelog \
  --set "index-include-attribute:*" \
  --set "index-exclude-attribute:description \
  --set "index-exclude-attribute:location