Environment
eDirectory 9.X
Situation
The same LDAP search request submitted to some eDirectory LDAP servers returns results, but on other servers it fails to return a result.
Example: ldapsearch -D cn=admin,o=foo -W -h 192.168.157.120 -b o=foo -s sub "(&(sn=doe)(givenname=john))" will return no object
ldapsearch -D cn=admin,o=foo -W -h 192.168.157.122 -b o=foo -s sub "(&(sn=doe)(givenname=john))" will return the user cn=John_Doe,o=foo
An ndstrace with +LDAP and +RECM shows that a complex index is used. In this example, the index on both servers is sn+givenname.
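A check for the symptom above, as an added example that is not part of the original article: it compares the DNs two servers return for the same filter and lists the entries the suspect server omits. The function names and the sample LDIF are constructed for illustration; query_server uses only the ldapsearch options shown in the article.

```shell
#!/bin/sh
# Added example: find entries one server returns and another omits.

# Extract sorted, lower-cased DNs from LDIF on stdin (DNs compare case-insensitively).
# Handles LDIF line folding (continuation lines start with one space).
# Base64-encoded DNs ("dn:: ...") are not decoded here.
ldif_dns() {
  awk '
    /^ / { if (indn) dn = dn substr($0, 2); next }
    { if (indn) { print tolower(dn); indn = 0 } }
    /^dn: / { dn = substr($0, 5); indn = 1 }
    END { if (indn) print tolower(dn) }
  ' | sort -u
}

# Print DNs present in the reference LDIF ($1) but absent from the suspect LDIF ($2).
missing_dns() {
  ref=$(printf '%s\n' "$1" | ldif_dns)
  sus=$(printf '%s\n' "$2" | ldif_dns)
  printf '%s\n' "$ref" | while IFS= read -r dn; do
    [ -n "$dn" ] || continue
    printf '%s\n' "$sus" | grep -qxF -- "$dn" || printf '%s\n' "$dn"
  done
}

# Live query against one host (needs network access; not called below).
# BIND_DN, BASE and FILTER are assumed to be set by the caller, for example:
#   BIND_DN='cn=admin,o=foo' BASE='o=foo' FILTER='(&(sn=doe)(givenname=john))'
query_server() {
  ldapsearch -D "$BIND_DN" -W -h "$1" -b "$BASE" -s sub "$FILTER"
}

# Constructed sample output (not captured from a real server).
REF_LDIF='dn: cn=John_Doe,o=foo
sn: Doe
givenName: John'
SUSPECT_LDIF='# search result: 0 entries'

missing=$(missing_dns "$REF_LDIF" "$SUSPECT_LDIF")
if [ -n "$missing" ]; then
  echo "Suspect server omits entries the reference server returns:"
  echo "$missing"
fi
```

Against live servers, pass "$(query_server 192.168.157.122)" as the reference and "$(query_server 192.168.157.120)" as the suspect; an empty result after the index is recreated indicates both servers agree.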
Resolution
If an index fails to return results, delete the index and recreate it.
In iManager | eDirectory Maintenance | Indexes, select the server where responses fail and delete the compound index being used. Allow the delete to process and then use Create to recreate the index.
If the delete fails with iManager, use ndsindex to delete the compound index:
ndsindex delete [-h hostname] [-p port] -D <bind DN> -W|[-w password] [-l limit] -s <Server DN> <indexName1> [<indexName2> ...]
Cause
A defect exists in eDir 9.0.3 which can cause complex index corruption when an ndsrepair has been run. eDir 9.1 contains a fix for the defect which will prevent further corruption.