389-ds-base

Clone
Source Code
GIT

#47411 Replace substring search with plain search in referint plugin
Closed: wontfix None Opened 10 years ago by jcholast.

Closed: wontfix
Reopen Issue

Opened this ticket per Rich's request, see [https://www.redhat.com/archives/freeipa-devel/2013-June/msg00314.html|freeipa-devel]:

AFAIK, sub index is a very expensive index - as we discussed offline - adding
Rich to advise and confirm this. I think you added it because some plugin was
doing substring/wildcard search when an LDAP entry was being deleted - did you
identify which one it is? Because I would rather get rid of the bad search than
adding so many sub indices.

The search is hard-coded in the referint plugin, see https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/plugins/referint/referint.c#n745.

Not sure if it makes sense to do a wildcard/substr search here - >please file a ticket with 389 to investigate.

It's still odd that whoever designed referint would have done a substring search - I think it's bogus but I just hope there was not a good reason . . . maybe for subtree rename?

For example, maybe when there is a subtree rename, we look for any group members that end with the old subtree? e.g. if ou=old,dc=example,dc=com is the old subtree, and ou=new,dc=example,dc=com is the new subtree, maybe referint is looking for (owner=*ou=old,dc=example,dc=com) - to match cn=1,ou=old,dc=example,dc=com and cn=2,ou=old,dc=example,dc=com etc. in order to change them to cn=1,ou=new,dc=example,dc=com etc.?

How does referint handle subtree rename?

Replying to [comment:5 rmeggins]:

It's still odd that whoever designed referint would have done a substring search - I think it's bogus but I just hope there was not a good reason . . . maybe for subtree rename?

For example, maybe when there is a subtree rename, we look for any group members that end with the old subtree? e.g. if ou=old,dc=example,dc=com is the old subtree, and ou=new,dc=example,dc=com is the new subtree, maybe referint is looking for (owner=*ou=old,dc=example,dc=com) - to match cn=1,ou=old,dc=example,dc=com and cn=2,ou=old,dc=example,dc=com etc. in order to change them to cn=1,ou=new,dc=example,dc=com etc.?

How does referint handle subtree rename?

You are correct, we need the substring search when doing a modrdn operation. New patch attached.

git merge ticket47411
Updating ba70aac..a5dde49
Fast-forward
ldap/servers/plugins/referint/referint.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)

git push origin master
ba70aac..a5dde49 master -> master

commit a5dde49
Author: Mark Reynolds mreynolds@redhat.com
Date: Wed Jul 31 12:21:19 2013 -0400

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.33
7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/748

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
major
ack
IPA
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.