LDB Greater than and Less than indexing

From SambaWiki

Overview

Added in Samba version: 4.11

<What does the feature do, Why might users care about it, What is the Microsoft-equivalent that a Windows admin might be familiar with, etc>

How to configure it

<Just reference the relevant samba-tool/smb.conf options (your man-page/help documentation should already be clear enough)>

Known issues and limitations

This only currently supports indexing of integers, both 32-bit and 64-bit stored in the database. Supporting string indexing is much more difficult when considering unicode charsets and potentially differing sort orders in different locales. Certain attributes might only be ASCII and so could be extended in the future, but there isn't anything planned so far.

Old databases using the new code

Active Directory domain controller databases using the older indexing scheme will need to be re-indexed using samba-tool dbcheck --reindex. Without re-indexing the database, queries which rely on integers stored in the index will no longer be returned.

This may have critical impacts on tools and services relying on these attributes!

Troubleshooting

<What debug level do you need to run to see messages of interest. Are there any other ways to verify the feature is doing what it should>

For Developers

How to test it

make test TESTS="ldb samba4.ldap.index.python samba.tests.complex_expressions"

lib/ldb/tests/python/index.py and lib/ldb-samba/tests/index.py contain a similar test for indexing, but lib/ldb contains the testing for the new "Ordered Integer" 64-bit integer schema syntax, while lib/ldb-samba contains the testing for the Samba AD syntax for 32-bit integer syntax (which pre-dates this work). ORDERED_INTEGER was added to the proto-schema handling in @ATTRIBUTES in order to expose the syntax for the tests.

Where the code is located

Test files are referenced above, but the code lives in three different sections:

  • LDB key value layer
  • LDB indexing layer
  • Samba AD schema syntax injection

LDB key value layer

In order to implement range indexing, we needed to implement range queries on the underlying key value store. This only works in LMDB with (lexicographically) sorted keys. This works like the standard iterate function, but we supply a start and end key (inclusive). This layer is agnostic to all types of indexing formats, storage formats etc.

LDB indexing layer

Samba AD schema syntax injection

Reference Docs

<E.g. Microsoft specification/section that describes the feature in more detail>