39eaf2f Add index and container for RFC 2307 IP services

Authored and Committed by cheimes 2 years ago
    Add index and container for RFC 2307 IP services
    IPA doesn't officially support RFC 2307 IP services. However SSSD has a
    nsswitch plugin to provide service lookups. The subtree search for
    (&(ipserviceport=$PORT)(ipserviceprotocol=$SRV)(objectclass=ipservice)) in
    cn=accounts,$SUFFIX has caused performance issues on large
    This patch introduced a dedicated container
    cn=ipservices,cn=accounts,$SUFFIX for IP services for future use or 3rd
    party extensions. SSSD will be change its search base in an upcoming
    release, too.
    A new ipServicePort index is added to optimize searches for an IP
    service by port. There is no index on ipServiceProtocol because the index
    would have poor selectivity. An ipService entry has either 'tcp' or 'udp'
    as protocol.
    Fixes: https://pagure.io/freeipa/issue/7797
    See: https://pagure.io/freeipa/issue/7786
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+10 -0