During an investigation into filter optimisation in 389DS it was discovered that two attributes of the certmap query are unindexed. Due to the nature of LDAP filters, if any member of an OR query is unindexed, the entire OR becomes unindexed.
As a result this query is effectively:
This is then basically a full-table scan, which applies the filter test to the contained members.
The two attributes in question are ipaCertMapData and altsecurityidentities.
For reference, see:
Metadata Update from @pcech:
- Issue tagged with: Falcon
Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3110
Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
to comment on this ticket.