The following warnings are shown in the Errors log after starting DS:[25/Sep/2019:17:11:39 +0200] category=EXTENSIONS severity=WARNING msgID=566 msg=The regular expression identity mapper defined in configuration entry cn=Regular Expression,cn=Identity Mappers,cn=config references attribute type uid which does not have an equality index defined in backend cfgStore [25/Sep/2019:17:11:39 +0200] category=EXTENSIONS severity=WARNING msgID=565 msg=The exact match identity mapper defined in configuration entry cn=Exact Match,cn=Identity Mappers,cn=config references attribute type uid which does not have an equality index defined in backend cfgStore
Upgraded to, or installed DS 6 or later.
DS has two identity mappers (Exact Match and Regular Expression) which are described in the documentation: LDAP User Guide › Identity Mappers. They use the match-attribute specified for searching; by default this attribute is uid, but you can choose a different attribute if required.
As of DS 6, a warning is now included in the logs if this match-attribute is not indexed on the appropriate backend.
This issue can be resolved by creating an index for the attribute specified in the warning. For example, with the log snippets above, you would need to create an equality index for the uid attribute on the cfgStore backend. See Configuration Guide › New Index for further information.
Disabling identity mappers
If you do not use identity mappers at all (that is, there are no entries using the specified attribute (for example, uid) in the AM configuration store or CTS backend) you can disable them. However, if cfgStore is the AM configuration store, you will have uid=amadmin at the very least so would need to leave the identity mappers enabled.
You can disable an identity mapper using the dsconfig delete-identity-mapper command, for example:
- DS 7 and later: $ ./dsconfig delete-identity-mapper --hostname ds1.example.com --port 4444 --bindDN uid=admin --bindPassword password --mapper-name mapperName --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
- DS 6.x: $ ./dsconfig delete-identity-mapper --hostname ds1.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --mapper-name mapperName --trustAll --no-prompt
Related Issue Tracker IDs