How to address "RDN attribute 'smTimeValue'/'cn' is not indexed"

Article ID: 383609

Products

CA Directory SITEMINDER

Issue/Introduction

After following the SiteMinder documentation at the following link

Configure Symantec Directory as a Session Store,

numerous messages like the following appear in the summary log:

RDN attribute 'smTimeValue' is not indexed
RDN attribute 'cn' is not indexed

Environment

Directory 14.1 SP4 and later

Cause

These messages are triggered by SiteMinder's LDAP calls when it uses CA Directory as a session store. Because the cache-index values recommended in the SiteMinder documentation do not include smTimeValue and cn, the warnings suggest adding them to the cache-index setting. In theory, cache-indexing them could make locating entries by these attributes more efficient. The messages also appear because use-rdn-index tends to be set to false.

Resolution

Symantec Directory uses a number of cache-related settings to boost its performance. Among those, cache-index, use-rdn-index, and lookup-cache are the three basic settings that tend to be discussed together. A common cache-index setting is:

set cache-index    = all-attributes;

which tends to be the initial setting for a data DSA, because it makes no assumption about how an LDAP application searches its data and simply indexes all attributes to boost performance regardless of which attributes the application searches on. Indexing itself takes time and memory, so as the LDAP store grows this simple setting may over time no longer be appropriate, especially for performance-sensitive applications. SiteMinder implementations often use Symantec Directory as the Session Store, and the product provides a recommended cache-index setting at the following link:

Configure Symantec Directory as a Session Store  

As of December 2024, the recommended cache-index includes neither smTimeValue nor cn, and hence we tend to see many occurrences of the two RDN-attribute-is-not-indexed messages.

According to the product documentation at:

set cache-index Command -- Specify Attributes to Be Indexed

two possible settings can be used to address these warning messages:

  • set use-rdn-index = true;

Since the SiteMinder documentation does not explicitly suggest a use-rdn-index setting, and other applications often start with cache-index set to all-attributes, this setting tends to be left at false, which causes the warning messages.

  • adding both smTimeValue and cn to the SiteMinder recommended cache-index list of attributes.

This also eliminates the two warning messages, but it seems to be a global setting that applies regardless of whether smTimeValue and cn are used as a DN at all.

set lookup-cache = true;

For most common applications, lookup-cache is always set to true, and it must be the last of all cache-related settings. Any cache-related setting placed after lookup-cache will not be used. lookup-cache documentation:

set lookup-cache Command -- Enable Memory-Mapped File
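
The two resolution options and the lookup-cache ordering rule above can be checked against a DSA configuration before it is loaded. The script below is an added example, not code from the product or its documentation. It assumes `#` starts a comment, that cache-related settings are use-rdn-index, lookup-cache and any `cache-*` setting, that a missing use-rdn-index counts as false, and that all-attributes covers RDN attributes; the attribute names in the sample configurations are constructed placeholders, not the SiteMinder recommended list.

```python
import re

# Matches statements of the form shown in the article: set cache-index = all-attributes;
SET_RE = re.compile(r"^\s*set\s+([\w-]+)\s*=\s*(.*?)\s*;", re.IGNORECASE)

def parse_settings(text):
    """Return (name, value) pairs in file order. '#' comments are an assumption."""
    pairs = []
    for line in text.splitlines():
        m = SET_RE.match(line.split("#", 1)[0])
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
    return pairs

def is_cache_setting(name):
    # Assumption: cache-related means use-rdn-index, lookup-cache or any cache-* setting.
    return name in ("use-rdn-index", "lookup-cache") or name.startswith("cache-")

def lint_cache_config(text, rdn_attrs=("smTimeValue", "cn")):
    """List findings: unindexed RDN attributes and cache settings after lookup-cache."""
    pairs = parse_settings(text)
    names = [n for n, _ in pairs]
    cut = names.index("lookup-cache") + 1 if "lookup-cache" in names else len(pairs)
    effective = dict(pairs[:cut])  # settings after lookup-cache are not used
    indexed = [a.strip().lower() for a in effective.get("cache-index", "").split(",")]
    # Assumptions: an absent use-rdn-index counts as false; all-attributes covers RDNs.
    rdn_index_on = effective.get("use-rdn-index", "false").lower() == "true"
    findings = []
    if not rdn_index_on and "all-attributes" not in indexed:
        findings += [f"RDN attribute '{a}' is not indexed"
                     for a in rdn_attrs if a.lower() not in indexed]
    findings += [f"'{n}' is set after lookup-cache and will not be used"
                 for n in names[cut:] if is_cache_setting(n)]
    return findings

# Constructed samples; exampleAttrA/B are placeholders, not the SiteMinder list.
BAD = """\
set cache-index = exampleAttrA, exampleAttrB;
set lookup-cache = true;
set use-rdn-index = true;   # placed too late to take effect
"""
GOOD = """\
set cache-index = exampleAttrA, exampleAttrB;
set use-rdn-index = true;
set lookup-cache = true;
"""

if __name__ == "__main__":
    for label, cfg in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_cache_config(cfg) or "no findings")
```
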

To learn more about the other cache-related settings, you can find a good description at the following link under the How to Create a Data DSA section:

DSAs

To learn more about index usage, use the following Console command:

get cache;

To learn more about get cache, see the following documentation link:

get cache Command -- Display the Cache Configuration