Richard Faust

CA Directory Session Store warn log full of 'not indexed' messages

Discussion created by Richard Faust Employee on Jan 24, 2018
Latest reply on Feb 13, 2018 by Justin McDonald

I have followed the instructions at this link to set up a session store in a lab environment with CA Directory r12.6.03 and CA SSO r12.7 sp01:

https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-ca-directory-as-a-session-store

These instructions provide specific settings for cache-index management:

set cache-index = smSessionId, smExpirationTime, smIdleExpirationTime, smSearchData, smVariableName, smFullVariableName;

set lookup-cache = true;

Over the past week, the SessionStore warn log has accumulated 1-4MB of nag messages each day for these three attributes with as many as 65,000 messages in a day:

[5] 20180124.000033.676 WARN : RDN attribute 'cn' is not indexed
[6] 20180124.000033.677 WARN : RDN attribute 'ou' is not indexed
[6] 20180124.000033.677 WARN : RDN attribute 'smTimeValue' is not indexed

It would be nice if the documentation recommended a configuration that doesn't clutter the log files with expected nuisance messages.  What's the best approach to eliminate these warning messages?  Should the offending attributes be added to the "set cache-index" statement, or are there other configuration directives that may be used to keep the logs from getting cluttered without having an adverse impact on performance by adding unnecessary indexes?

Outcomes