#3686 Optimize the s2n operation to look up the correct entry type

Created 6 months ago by jhrozek
Modified a month ago

This ticket is based on an IRC discussion I had with @sbose, so the actual idea about what needs to be done is his.

When an IPA client looks up a user from an IPA server, the user with all their groups is looked up. The client would first do a REQ_FULL_WITH_MEMBERS s2n request for the user which returns the user entry and all their groups. Then, the client issues a REQ_FULL_WITH_MEMBERS s2n request for each group.

Because of historical reasons, where the s2n operations were only used to resolve a SID where it was not known if the SID belongs to a user or a group, the s2n request triggers a lookup on the server for a user first and only if a user is not found, a request for a group is tried.

This is not optimal especially in case there are many trusted domains, because every request must first iterate over the domain list looking for a user and then it would iterate over the domain list again looking for a group.

To improve the situation, Sumit suggested that the request is extended with an object type on the IPA side and the extdom plugin is also extended with to use this data to trigger the appropriate lookup on the IPA server.

6 months ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

6 months ago

Metadata Update from @jhrozek:
- Assignee reset

6 months ago

Metadata Update from @jhrozek:
- Issue tagged with: RFE, performance

6 months ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1555924

Issue linked to Bugzilla: Bug 1555924

6 months ago

Metadata Update from @jhrozek:
- Issue priority set to: major (was: minor)
- Issue set to the milestone: SSSD 2.0

Issue linked to Bugzilla: Bug 1581041

a month ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

Login to comment on this ticket.

https://bugzilla.redhat.com/show_bug.cgi?id=1555924, https://bugzilla.redhat.com/show_bug.cgi?id=1581041

cancel