LDAP search request fails to return results on some servers when complex indexes are used

  • 7023465
  • 22-Oct-2018
  • 22-Oct-2018

Environment


eDirectory 9.X

Situation

The same LDAP search request returns results when submitted to some eDirectory LDAP servers, but fails to return a result on other servers.

EX:  ldapsearch -D cn=admin,o=foo -W -h 192.168.157.120 -b o=foo -s sub "(&(sn=doe)(givenname=john))"  will return no object

ldapsearch -D cn=admin,o=foo -W -h 192.168.157.122 -b o=foo -s sub "(&(sn=doe)(givenname=john))"  will return the user cn=John_Doe,o=foo

An ndstrace with +LDAP and +RECM shows that a complex index is used.  In this example, the index used on both servers is sn+givenname.
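To find which servers answer the same request differently, the search above can be run against each server and the entry counts compared. The script below is an added example, not part of the original article or any vendor tooling; it assumes ldapsearch prints LDIF with one "dn:" line per entry, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare one search across several eDirectory LDAP servers.
# Assumption: ldapsearch output is LDIF with one "dn:" line per entry.

# Count the entries in LDIF read from stdin (prints 0 for empty output).
count_entries() {
    grep -c -i '^dn:' || true
}

# Read "host count" lines on stdin and print every host whose count is
# lower than the highest count reported by any server.
suspect_servers() {
    awk '{ host[NR] = $1; n[NR] = $2 + 0; if (n[NR] > max) max = n[NR] }
         END { for (i = 1; i <= NR; i++) if (n[i] < max) print host[i] }'
}

# Run the article's search against each host and print "host count" lines.
# -W prompts for the bind password once per server.
survey() {
    bind_dn=$1; base=$2; filter=$3; shift 3
    for host in "$@"; do
        n=$(ldapsearch -D "$bind_dn" -W -h "$host" -b "$base" -s sub "$filter" \
            | count_entries)
        printf '%s %s\n' "$host" "$n"
    done
}

# Constructed sample output (not captured from a real server): the entry
# returned by the working server and the empty result from the failing one.
sample_good() { printf 'dn: cn=John_Doe,o=foo\nsn: doe\ngivenName: john\n\n'; }
sample_bad()  { printf ''; }

# Offline demonstration using the two addresses from the article.
demo() {
    {
        printf '192.168.157.120 %s\n' "$(sample_bad | count_entries)"
        printf '192.168.157.122 %s\n' "$(sample_good | count_entries)"
    } | suspect_servers
}

demo   # prints 192.168.157.120

# Live use, with the article's values:
# survey cn=admin,o=foo o=foo '(&(sn=doe)(givenname=john))' \
#     192.168.157.120 192.168.157.122 | suspect_servers
```

A lower count only marks a server to check with ndstrace (+LDAP and +RECM); a failed bind or connection also counts as zero entries.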


Resolution

If an index fails to return results, delete the index and recreate it.

To delete the index, use iManager | eDirectory Maintenance | Indexes, select the server where responses fail, and delete the compound index being used.  Allow the delete to process and then use Create to recreate the index.

If the delete fails with iManager, use ndsindex to delete the compound index:

ndsindex delete  [-h hostname] [-p port] -D <bind DN> -W|[-w password] [-l limit] -s <Server DN> <indexName1> [<indexName2> ...] 

Cause

A defect exists in eDir 9.0.3 which can cause complex index corruption when an ndsrepair has been run.  eDir 9.1 contains a fix for the defect which will prevent further corruption.