slapd: <= bdb_equality_candidates: (uid) not indexed
Basically one of these gets written every time a ldap search is done on a non-indexed attribute. The fix is, like most things with LDAP, completely unintuitive.
Take a look at the current indexing being done by:
sudo /usr/sbin/slapcat -n 0 -l output.ldif
and grep for olcDbIndex (mine was only indexing objectClass by default).
Create a ldif file (indexchanges.ldif) to change the indexing attribute:
olcDbIndex: uid,uidNumber,gidNumber,memberUid,uniqueMember,objectClass,cn eq
And run it with:
sudo ldapmodify -f indexchanges.ldif -D cn=admin,cn=config -x -y /etc/ldap.secret
Note that as I mentioned previously ldapmodify fails if you are only listening on ldaps. Change SLAPD_SERVICES to include ldap:/// in '/etc/default/slapd', restart ldap, use ldapmodify, change back, restart ldap.
You then need to tell it to actually build those indexes (need to keep the index files owned by openldap user):
sudo /etc/init.d/slapd stop
sudo su -s /bin/bash -c slapindex openldap
sudo /etc/init.d/slapd start