#3686 Optimize the s2n operation to look up the correct entry type
Closed: Fixed 3 years ago by atikhonov. Opened 6 years ago by jhrozek.

This ticket is based on an IRC discussion I had with @sbose, so the actual idea about what needs to be done is his.

When an IPA client looks up a user from an IPA server, the user with all their groups is looked up. The client would first do a REQ_FULL_WITH_MEMBERS s2n request for the user which returns the user entry and all their groups. Then, the client issues a REQ_FULL_WITH_MEMBERS s2n request for each group.

Because of historical reasons, where the s2n operations were only used to resolve a SID where it was not known if the SID belongs to a user or a group, the s2n request triggers a lookup on the server for a user first and only if a user is not found, a request for a group is tried.

This is not optimal especially in case there are many trusted domains, because every request must first iterate over the domain list looking for a user and then it would iterate over the domain list again looking for a group.

To improve the situation, Sumit suggested that the request is extended with an object type on the IPA side and the extdom plugin is also extended with to use this data to trigger the appropriate lookup on the IPA server.


Metadata Update from @jhrozek:
- Issue assigned to jhrozek

6 years ago

Metadata Update from @jhrozek:
- Assignee reset

6 years ago

Metadata Update from @jhrozek:
- Issue tagged with: RFE, performance

6 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1555924

5 years ago

Metadata Update from @jhrozek:
- Issue priority set to: major (was: minor)
- Issue set to the milestone: SSSD 2.0

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

4 years ago

Metadata Update from @thalman:
- Issue tagged with: Canditate to close

4 years ago

I think that this has been implemented already.

I think that this has been implemented already.

Yes, this is fixed by your patch 469f1ac on the SSSD side and your related IPA patches.

bye,
Sumit

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @atikhonov:
- Custom field design_review adjusted to on
- Custom field mark adjusted to on
- Custom field patch adjusted to on
- Custom field review adjusted to on
- Custom field sensitive adjusted to on
- Custom field testsupdated adjusted to on
- Issue status updated to: Open (was: Closed)

3 years ago

Metadata Update from @atikhonov:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Yes, this is fixed by your patch 469f1ac on the SSSD side and your related IPA patches.

Changed resolution status per this ^^ comment.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4705

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata