#5282 processing of member DNs in e.g. user-find might result in very high number of ldap searches
Closed: wontfix 5 years ago by rcritten. Opened 8 years ago by pvoborni.

Assume environment:

  • number of users: 300
  • each user member of 5 hbac rules and 5 sudo rules
  • search size limit increased to 300.

Simple user-find will result in:

  • 900 operations #5281
  • additional 300*(5+5) = 3000 searches in order to resolve sudo/hbac rule DN (contains nsunique id) to cn

Result: very slow search.

Possible improvements
1. add DNs to a map -> limit the number of searches to a number of rules
2. skip member fetching when unnecessary - #4995

-> this ticket is about #1
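
Improvement 1 above, as an added example that is not part of the original ticket or FreeIPA's code: a Python model of the stated environment that counts searches with and without a per-request DN-to-cn map. The `FakeDirectory` class, the DNs and the assumption that all 300 users share the same 5 hbac and 5 sudo rules are constructed for illustration.

```python
import uuid

class FakeDirectory:
    """Constructed stand-in for an LDAP connection; counts searches."""
    def __init__(self):
        self.entries = {}   # rule DN -> cn
        self.searches = 0

    def add_rule(self, container, cn):
        dn = f"ipaUniqueID={uuid.uuid4()},{container}"  # constructed DN
        self.entries[dn] = cn
        return dn

    def get_cn(self, dn):
        self.searches += 1  # models one search per DN lookup
        return self.entries[dn]

def build_scenario(n_users=300, n_hbac=5, n_sudo=5):
    d = FakeDirectory()
    hbac = [d.add_rule("cn=hbac,dc=example,dc=test", f"hbac{i}") for i in range(n_hbac)]
    sudo = [d.add_rule("cn=sudorules,cn=sudo,dc=example,dc=test", f"sudo{i}") for i in range(n_sudo)]
    # Assumption: every user is a member of the same rules.
    return d, {f"user{i}": hbac + sudo for i in range(n_users)}

def resolve_naive(directory, users):
    # One search per (user, rule DN) pair.
    return {u: [directory.get_cn(dn) for dn in dns] for u, dns in users.items()}

def resolve_with_map(directory, users):
    # Map lives for one request only, so a renamed rule is not served stale.
    dn_to_cn = {}
    out = {}
    for user, dns in users.items():
        names = []
        for dn in dns:
            if dn not in dn_to_cn:
                dn_to_cn[dn] = directory.get_cn(dn)
            names.append(dn_to_cn[dn])
        out[user] = names
    return out

def count_searches(resolver):
    directory, users = build_scenario()
    return directory.searches_after(resolver, users) if False else (resolver(directory, users), directory.searches)

if __name__ == "__main__":
    for r in (resolve_naive, resolve_with_map):
        print(r.__name__, count_searches(r)[1])
```

With the map, the search count depends on the number of distinct rule DNs rather than on users times memberships.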


could be improved by deref=derefAttr:attr search extension

Martin, should we close this as can't fix (issue 1, #5281 and #4995 were fixed)? Given that python-ldap doesn't support deref and the caching didn't improve it much?

4.4.0 was released, moving open tickets to 4.4.1

moving out tickets not implemented in 4.4.1

4.4.2 is a stabilization milestone. If this bug is important stabilization bug then please put it to NEEDS TRIAGE milestone for retriage.

Metadata Update from @pvoborni:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Metadata Update from @mbasti:
- Assignee reset

6 years ago

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
