Search code examples
ldapopendj

What are LDAP indexes and how do they work?

I am currently busy with learning LDAP. I have a problem with indexes. I know that they are used to improve the performance. However, I could not understand the working principle of indexes in LDAP. For example, as LDAP server, I am working with OpenDJ. There, I can see that attribute sn (surname) does have 5 different index types, which are approximate, Equality, Ordering, Presence and Substring. However, only Ordering is checked.

Solution

  • I could not understand the working principle of indexes in LDAP.

    Same as indexes in a database. To speed up queries and updates. Indexes can be provided for any attribute but only the ones that feature in searches should be indexed. You can index an LDAP database with somewhat more abandon than a DBMS because the assumed read::write ratio is much higher, typically 9::1 or more as against 3::1 for an RDBMS, so the cost of indexing on inserts and updates is relatively much less.

    For example, as LDAP server, I am working with OpenDJ. There, I can see that attribute sn (surname) does have 5 different index types, which are approximate, Equality, Ordering, Presence and Substring.

    These correspond to the different operators you can use in an LDAP search filter: 

      filter     = "(" filtercomp ")"
    filtercomp = and / or / not / item
    and        = "&" filterlist
    or         = "|" filterlist
    not        = "!" filter
    filterlist = 1*filter
    item       = simple / present / substring / extensible
    simple     = attr filtertype value
    filtertype = equal / approx / greater / less
    equal      = "="
    approx     = "~="
    greater    = ">="
    less       = "<="
    extensible = attr [":dn"] [":" matchingrule] ":=" value
                 / [":dn"] ":" matchingrule ":=" value
    present    = attr "=*"
    substring  = attr "=" [initial] any [final]
    initial    = value
    any        = "*" *(value "*")
    final      = value
    attr       = AttributeDescription from Section 4.1.5 of [1]
    matchingrule = MatchingRuleId from Section 4.1.9 of [1]
    value      = AttributeValue from Section 4.1.6 of [1]

    However, only Ordering is checked.

    Do you mean only this option is selected in some administrative GUI? If so, only a conventional ordering index is maintained for that attribute. This can be used for all the operators but it is allegedly slower. [Personally I have never understood why LDAP implementors think they're in the database business at all, don't use standard databases, and insist on providing their own.]