You can configure your Oracle Directory Server Enterprise Edition or your Sun Java System Directory Server to better support FileNet® P8, especially in the area of sorting.
Consult the Sun Java System Directory Server documentation for more information on the features mentioned here, particularly the chapter on Directory Server Indexing in the Administration Guide.
[LDAP: error code 12 - Sort Response Control]
For each attribute to be sorted, create a substring index in order to support the FileNet P8 pattern search. Remember that the Directory Server will still return an error if the entry count for a specific index is over the setting of All IDs Threshold.
You should enable a substring index for each attribute you assigned as the Content Platform Engine properties UserShortNameAttribute, GroupShortNameAttribute, UserDisplayNameAttribute, and GroupDisplayNameAttribute. They are shown on the Directory Configuration tab of the Domain node in Administration Console for Content Platform Engine. For Content Platform Engine, these attributes are normally uid and cn.
The substring index does not support the case of querying all users (which is done by leaving the FileNet P8 search string empty). This problem can be resolved by creating a browsing index, because the filter is static so only a few browsing indexes are needed.
With the substring index enabled, a multi-character pattern search works as long as the targeted pattern's entry count is less than All IDs Threshold.
Change the All IDs Threshold to a number greater than the Directory Server entry count to ensure that single-character pattern searches work. There are, however, some costs of doing so. For example, when an index for a specific attribute value is over the All IDs Threshold value, the Directory Server will not maintain the index list for that value. In order to resolve this problem, the All IDs Threshold should be increased. The Sun recommendation is to keep the All IDs Threshold value at about 5% of the Directory Server total entry count, but even this percentage might have to be adjusted.
Assume the Directory Server has 80,000 entries and the threshold is 4000. Also assume there are 5000 entries that start with "pw" and 1000 entries that start with "au". When you query for "au*" you get 1000 entries, no error. But when you query "pw*" you would get an error because there are more than 4000 entries that start with "pw" (in fact there are 5000 entries) and Sun Java System Directory Server stops sorting for this case. You would have to increase the threshold to a number over 5000 in order to get back all entries that fulfill the query's specifications.
[LDAP: error code 12 - Sort Response Control]
This could happen when searching using a broad search scope such as with a single-character search pattern .
The substring index does not help queries without pattern. A query without pattern returns an error when the Directory Server entry count is over the All IDs Threshold value. You can avoid this error by creating a browsing index for that specific search.
Consult the Administration Guide for Sun One Directory Server for more details on managing browsing indexes.
dn: cn="dc=eng,dc=filenet,dc=com:(objectClass=person)",
cn=eng,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvSearch
cn: "dc=eng,dc=filenet,dc=com:(objectClass=person)"
vlvbase: dc=eng,dc=filenet,dc=com
vlvscope: 2
vlvfilter: (&(objectClass=person)(uid=*))
dn: cn=sort uid,cn="dc=eng,dc=FileNet,
dc=com:(objectClass=person)", cn=eng, cn=ldbm database,
cn=plugins,cn=config
objectClass: top
objectClass: vlvIndex
cn: sort uid
vlvSort: uid
dn: cn=rev sort uid, cn="dc=eng,dc=filenet,
dc=com:(objectClass=person)", cn=eng, cn=ldbm database,
cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev sort uid
vlvSort: -uid
dn: cn="dc=eng,dc=filenet,
dc=com:(objectClass=groupOfUniqueNames)", cn=eng,
cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvSearch
cn: "dc=eng,dc=filenet,dc=com:(objectClass=groupOfUniqueNames)"
vlvbase: dc=eng,dc=filenet,dc=com
vlvscope: 2
vlvfilter: (&(objectClass=groupOfUniqueNames)(cn=*))
dn: cn=sort cn,cn="dc=eng,dc=filenet,
dc=com:(objectClass=groupOfUniqueNames)", cn=eng,
cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvIndex
cn: sort cn
vlvSort: cn
dn: cn=rev sort cn,cn="dc=eng,dc=filenet,
dc=com:(objectClass=groupOfUniqueNames)", cn=eng,
cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev sort cn
vlvSort: -cn
dn: cn=sort_users_cn,cn="dc=eng,dc=filenet,
dc=com:(objectClass=person)", cn=eng,
cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvIndex
cn: sort_users_cn
vlvSort: cn
dn: cn=rev_sort_users_cn,cn="dc=eng,dc=filenet,
dc=com:(objectClass=person)", cn=eng,
cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev_sort_users_cn
vlvSort: -cn
The first three entries are browsing-index entries for querying users. The next three entries are browsing- index entries for querying groups. The last two are sort indexes on objectClass=person, based on cn instead of uid. Each vlvSearch entry is tied to a specific base DN and a specific filter.
(&(objectClass=person)(uid={0}))
then the vlvFilter should be (&(objectClass=person)(uid=*)).
Value | Indication |
---|---|
0 | The base entry alone |
1 | The immediate children of the base |
2 | The entire subtree rooted at the base |
However, only 2 should be used since the Content Platform Engine search query always implies a subtree search.
Both vlvSearch and vlvIndex entries should be named. In this example, the vlvSearch name is formed by concatenating the base DN and the filter as a unique name. For the user case, one vlvIndex is named sort uid and the second one is named rev sort uid . It is assumed that the user Short name attribute and Display name attribute are the same attribute: uid. If they are not the same, then two more vlvIndex entries should be added for another attribute. In this example, these vlvSearch and vlvIndex entries are specific to the base DN dc=eng,dc=filenet,dc=com. If there are more realms on the server, a new set of entries should be added for each realm.
<SUNONE_INSTALL_DIR>\shared\bin\ldapmodify -a -h
<SUNONE_HOST_NAME> -p <SUNONE_PORT_NUMBER> -D
<USER_ID> -w <PASSWORD> -f <full path of BrowsingIndex.txt>
Ldapmodify -a -h hq-sunds -p 1389 -D "cn=Directory Manager"
-w -Directory Manager" -f C:\temp\BrowsingIndex.txt
In the Sun One Directory Server console, under Tasks tab, click Stop Directory Server.
<SUNONE_INSTALL_DIR>\bin\slapd\server\slapd db2index -D
"<SUNONE_INSTALL_DIR>\slapd- <SUNONE_SERVER_NAME>"
-n <DB_NAME> -T "sort uid"
<SUNONE_INSTALL_DIR>\bin\slapd\server\slapd db2index -D
"<SUNONE_INSTALL_DIR>\slapd- <SUNONE_SERVER_NAME>"
-n <DB_NAME> -T "rev sort uid"
<SUNONE_INSTALL_DIR>\bin\slapd\server\slapd db2index -D
"<SUNONE_INSTALL_DIR>\slapd- <SUNONE_SERVER_NAME>"
-n <DB_NAME> -T "sort cn"
<SUNONE_INSTALL_DIR>\bin\slapd\server\slapd db2index -D
"<SUNONE_INSTALL_DIR>\slapd- <SUNONE_SERVER_NAME>"
-n <DB_NAME> -T "rev sort cn"
Repeat the process above if there are more indexes added to the BrowsingIndex.txt file.
Slapd db2index -D "C:\Program Files\Sun\MPS\slapd-myserver"
-n eng -T "sort uid"
The substring index does not help queries without pattern. A query without pattern returns an error when the Directory Server entry count is over the All IDs Threshold value. You can avoid this error by creating a browsing index for that specific search.
Consult the Administration Guide for Sun Java System Directory Server for more details on managing browsing indexes.
dn: cn="dc=eng, dc=filenet, dc=com:(objectClass=person)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvSearch
cn: "dc=eng,dc=filenet,dc=com:(objectClass=person)"
vlvbase: dc=eng,dc=filenet,dc=com
vlvscope: 2
vlvfilter: (&(objectClass=person)(uid=*))
dn: cn=sort uid, cn="dc=eng, dc=FileNet, dc=com:(objectClass=person)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: sort uid
vlvSort: uid
dn: cn=rev sort uid, cn="dc=eng,dc=filenet,dc=com:(objectClass=person)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev sort uid
vlvSort: -uid
dn: cn="dc=eng, dc=filenet, dc=com:(objectClass=groupOfUniqueNames)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvSearch
cn: "dc=eng,dc=filenet,dc=com:(objectClass=groupOfUniqueNames)"
vlvbase: dc=eng,dc=filenet,dc=com
vlvscope: 2
vlvfilter: (&(objectClass=groupOfUniqueNames)(cn=*))
dn: cn=sort cn, cn="dc=eng, dc=filenet,
dc=com:(objectClass=groupOfUniqueNames)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: sort cn
vlvSort: cn
dn: cn=rev sort cn,cn="dc=eng,dc=filenet,
dc=com:(objectClass=groupOfUniqueNames)",
cn=eng, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev sort cn
vlvSort: -cn
dn: cn=sort_users_cn, cn="dc=eng, dc=filenet,
dc=com:(objectClass=person)", cn=eng, cn=ldbm database,
cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: sort_users_cn
vlvSort: cn
dn: cn=rev_sort_users_cn, cn="dc=eng, dc=filenet,
dc=com:(objectClass=person)", cn=eng,
cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: vlvIndex
cn: rev_sort_users_cn
vlvSort: -cn
The first three entries are browsing-index entries for querying users. The next three entries are browsing- index entries for querying groups. The last two are sort indexes on objectClass=person, based on cn instead of uid. Each vlvSearch entry is tied to a specific base DN and a specific filter.
(&(objectClass=person)(uid={0}))
then the vlvFilter should be (&(objectClass=person)(uid=*)).
Value | Indication |
---|---|
0 | The base entry alone |
1 | The immediate children of the base |
2 | The entire subtree rooted at the base |
However, only 2 should be used since the Content Platform Engine search query always implies a subtree search.
Both vlvSearch and vlvIndex entries should be named. In this example, the vlvSearch name is formed by concatenating the base DN and the filter as a unique name. For the user case, one vlvIndex is named sort uid and the second one is named rev sort uid. It is assumed that the user Short name attribute and Display name attribute are the same attribute: uid. If they are not the same, then two more vlvIndex entries should be added for another attribute. In this example, these vlvSearch and vlvIndex entries are specific to the base DN dc=eng,dc=filenet,dc=com. If there are more realms on the server, a new set of entries should be added for each realm.
<SUNONE_INSTALL_DIR>\shared\bin\ldapmodify -a -h
<SUNONE_HOST_NAME> -p <SUNONE_PORT_NUMBER> -D
<USER_ID> -w <PASSWORD> -f <full path of BrowsingIndex.txt>
Ldapmodify -a -h hq-sunds -p 1389 -D "cn=Directory Manager"
-w -Directory Manager" -f C:\temp\BrowsingIndex.txt
In the Sun Directory Service Control Center, navigate to the Stop.
tab and click<SJDS_INSTALL_DIR>\bin\dsadm reindex –l –b –t <vlvIndex Name>
<LDAP_SERVER_INSTANCE> <SJDS_SERVER_NAME>
Repeat the command above for all vlvIndexes. For example,
Dsadm reindex –l –b –t “sort uid” ..\local\instance1 hq-sunds
cn=eng,cn=ldbm database,cn=plugins,cn=config
In the Options dropdown box, select ACI Applies to All Entries Below This Entry.