Issue #8491: Unindexed searches in FreeIPA git master - freeipa

freeipa

#8491 Unindexed searches in FreeIPA git master

Closed: fixed 3 years ago by rcritten. Opened 3 years ago by abbra.

I have a test instance which I use for Global Catalog development and on it I can see a plenty of unindexed searches. Most of them are related to Kerberos KDB driver searches and to trust operations:

  Unindexed Component #1 (notes=U)
  -  Date/Time:             31/Aug/2020:08:22:49
  -  Connection Number:     3
  -  Operation Number:      290
  -  Etime:                 0.000398301
  -  Nentries:              0
  -  IP Address:            Unknown_Host
  -  Search Base:           cn=ad,cn=trusts,dc=ipa,dc=test
  -  Search Scope:          1 (one)
  -  Search Filter:         (&(ipanttrustpartner=*)(!(ipantsecurityidentifier=*)))

  Unindexed Component #2 (notes=U)
  -  Date/Time:             31/Aug/2020:08:23:13
  -  Connection Number:     32
  -  Operation Number:      6
  -  Etime:                 0.000500962
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #3 (notes=U)
  -  Date/Time:             31/Aug/2020:08:23:13
  -  Connection Number:     32
  -  Operation Number:      8
  -  Etime:                 0.000680578
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #4 (notes=U)
  -  Date/Time:             02/Sep/2020:05:35:17
  -  Connection Number:     350
  -  Operation Number:      9
  -  Etime:                 0.001760503
  -  Nentries:              1
  -  IP Address:            10.0.155.22
  -  Search Base:           cn=accounts,dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-500)(objectclass=posixaccount)(uid=*)(ipantsecurityidentifier=*))
  -  Bind DN:               fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test

  Unindexed Component #5 (notes=U)
  -  Date/Time:             02/Sep/2020:05:38:02
  -  Connection Number:     360
  -  Operation Number:      2
  -  Etime:                 0.001000425
  -  Nentries:              1
  -  IP Address:            10.0.155.22
  -  Search Base:           cn=views,cn=accounts,dc=ipa,dc=test
  -  Search Scope:          1 (one)
  -  Search Filter:         (&(|(cn=*new-view*)(description=*new-view*)(ipadomainresolutionorder=*new-view*))(&(objectclass=ipaidview)(objectclass=top)))
  -  Bind DN:               uid=admin,cn=users,cn=accounts,dc=ipa,dc=test

  Unindexed Component #6 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     847
  -  Operation Number:      4
  -  Etime:                 0.000895871
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-32-545)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #7 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     847
  -  Operation Number:      6
  -  Etime:                 0.000922480
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #8 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     847
  -  Operation Number:      8
  -  Etime:                 0.001297423
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #9 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     848
  -  Operation Number:      12
  -  Etime:                 0.000657328
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #10 (notes=U)
  -  Date/Time:             07/Sep/2020:07:26:15
  -  Connection Number:     11
  -  Operation Number:      8
  -  Etime:                 0.000681528
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #11 (notes=U)
  -  Date/Time:             09/Sep/2020:13:30:43
  -  Connection Number:     19467
  -  Operation Number:      1
  -  Etime:                 0.022714950
  -  Nentries:              6
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal)(objectclass=ipakrbprincipal))(|(ipakrbprincipalalias=*)(krbprincipalname:caseignoreia5match:=%x2a)))
  -  Bind DN:               cn=directory manager

  Unindexed Component #12 (notes=U)
  -  Date/Time:             07/Sep/2020:07:29:07
  -  Connection Number:     44
  -  Operation Number:      11
  -  Etime:                 0.000956193
  -  Nentries:              1
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-1001)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #13 (notes=U)
  -  Date/Time:             08/Sep/2020:07:46:18
  -  Connection Number:     7052
  -  Operation Number:      4
  -  Etime:                 0.000913633
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-32-545)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #14 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7065
  -  Operation Number:      4
  -  Etime:                 0.000960389
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-32-545)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #15 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7065
  -  Operation Number:      6
  -  Etime:                 0.001156017
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #16 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7065
  -  Operation Number:      8
  -  Etime:                 0.001917169
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #17 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7066
  -  Operation Number:      12
  -  Etime:                 0.001027408
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #18 (notes=U)
  -  Date/Time:             08/Sep/2020:07:52:42
  -  Connection Number:     7111
  -  Operation Number:      4
  -  Etime:                 0.001099680
  -  Nentries:              1
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-1001)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #19 (notes=U)
  -  Date/Time:             08/Sep/2020:11:06:47
  -  Connection Number:     8472
  -  Operation Number:      1
  -  Etime:                 0.001727537
  -  Nentries:              6
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal)(objectclass=ipakrbprincipal))(|(ipakrbprincipalalias=*)(krbprincipalname:caseignoreia5match:=%x2a)))
  -  Bind DN:               cn=directory manager

  Unindexed Component #20 (notes=U)
  -  Date/Time:             31/Aug/2020:08:23:13
  -  Connection Number:     32
  -  Operation Number:      5
  -  Etime:                 0.000686049
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-32-545)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #21 (notes=U)
  -  Date/Time:             31/Aug/2020:08:23:13
  -  Connection Number:     32
  -  Operation Number:      7
  -  Etime:                 0.000602588
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #22 (notes=U)
  -  Date/Time:             31/Aug/2020:08:23:13
  -  Connection Number:     32
  -  Operation Number:      9
  -  Etime:                 0.000595979
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #23 (notes=U)
  -  Date/Time:             02/Sep/2020:05:35:17
  -  Connection Number:     350
  -  Operation Number:      8
  -  Etime:                 0.001272785
  -  Nentries:              0
  -  IP Address:            10.0.155.22
  -  Search Base:           cn=accounts,dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-500)(|(objectclass=ipausergroup)(objectclass=posixgroup))(cn=*))
  -  Bind DN:               fqdn=master.ipa.test,cn=computers,cn=accounts,dc=ipa,dc=test

  Unindexed Component #24 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     847
  -  Operation Number:      5
  -  Etime:                 0.000850555
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #25 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     847
  -  Operation Number:      7
  -  Etime:                 0.000885692
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #26 (notes=U)
  -  Date/Time:             04/Sep/2020:16:50:15
  -  Connection Number:     848
  -  Operation Number:      11
  -  Etime:                 0.000721603
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #27 (notes=U)
  -  Date/Time:             07/Sep/2020:07:26:15
  -  Connection Number:     11
  -  Operation Number:      9
  -  Etime:                 0.000528715
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #28 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7065
  -  Operation Number:      5
  -  Etime:                 0.001249014
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #29 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7065
  -  Operation Number:      7
  -  Etime:                 0.003507240
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-514)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #30 (notes=U)
  -  Date/Time:             08/Sep/2020:07:49:05
  -  Connection Number:     7066
  -  Operation Number:      11
  -  Etime:                 0.001447587
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-21-1887756906-4004622436-2017884630-501)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #31 (notes=U)
  -  Date/Time:             08/Sep/2020:07:52:01
  -  Connection Number:     7093
  -  Operation Number:      11
  -  Etime:                 0.001054343
  -  Nentries:              0
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(ipantsecurityidentifier=s-1-5-32-545)(|(objectclass=ipantgroupattrs)(objectclass=ipantuserattrs)))
  -  Bind DN:               krbprincipalname=cifs/master.ipa.test@ipa.test,cn=services,cn=accounts,dc=ipa,dc=test

  Unindexed Component #32 (notes=U)
  -  Date/Time:             08/Sep/2020:11:01:22
  -  Connection Number:     8431
  -  Operation Number:      1
  -  Etime:                 0.001460957
  -  Nentries:              6
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal)(objectclass=ipakrbprincipal))(|(ipakrbprincipalalias=*)(krbprincipalname:caseignoreia5match:=admin)))
  -  Bind DN:               cn=directory manager

  Unindexed Component #33 (notes=U)
  -  Date/Time:             08/Sep/2020:11:02:01
  -  Connection Number:     8437
  -  Operation Number:      1
  -  Etime:                 0.001329263
  -  Nentries:              6
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal)(objectclass=ipakrbprincipal))(|(ipakrbprincipalalias=*)(krbprincipalname:caseignoreia5match:=admin)))
  -  Bind DN:               cn=directory manager

  Unindexed Component #34 (notes=U)
  -  Date/Time:             08/Sep/2020:11:02:56
  -  Connection Number:     8446
  -  Operation Number:      1
  -  Etime:                 0.001253026
  -  Nentries:              6
  -  IP Address:            local
  -  Search Base:           dc=ipa,dc=test
  -  Search Scope:          2 (subtree)
  -  Search Filter:         (&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal)(objectclass=ipakrbprincipal))(|(ipakrbprincipalalias=*)(krbprincipalname:caseignoreia5match:=admin)))
  -  Bind DN:               cn=directory manager

Metadata Update from @rcritten:
- Issue assigned to rcritten

3 years ago

rcritten commented 3 years ago

Most of this looks pretty straigthfoward. Any guess on what request generated this:

  Unindexed Component #5 (notes=U)
  -  Date/Time:             02/Sep/2020:05:38:02
  -  Connection Number:     360
  -  Operation Number:      2
  -  Etime:                 0.001000425
  -  Nentries:              1
  -  IP Address:            10.0.155.22
  -  Search Base:           cn=views,cn=accounts,dc=ipa,dc=test
  -  Search Scope:          1 (one)
  -  Search Filter:         (&(|(cn=*new-view*)(description=*new-view*)(ipadomainresolutionorder=*new-view*))(&(objectclass=ipaidview)(objectclass=top)))
  -  Bind DN:               uid=admin,cn=users,cn=accounts,dc=ipa,dc=test

I'm not sure about adding cn since it covers most objects in IPA. description has an index.

rcritten commented 3 years ago

Candidate PR https://github.com/freeipa/freeipa/pull/5096 minus handling of this one unindexed search.

This search is most likely from ipa idview-find new-view and it may be ok to be unoptimized.

abbra commented 3 years ago

I think you are right. We probably should ignore it.

abbra commented 3 years ago

master:

20b55f4 Add index for more trust-related attributes

cheimes commented 3 years ago

20b55f4 adds indexes with index type pres but not eq. AFAIK the new indexes will only work for presence queries (krbprincipalname=*) but not for fast search of queries like (krbprincipalname=service/host).

abbra commented 3 years ago

We already have eq index since the very start of the project in install/share/indices.ldif:

dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass:top
objectClass:nsIndex
cn:krbPrincipalName
nsSystemIndex:false
nsIndexType:eq
nsIndexType:sub

abbra commented 3 years ago

To expand, krbprincipalname pres index is needed for listprincs support in kadmin.local which was added with d00106b.

cheimes commented 3 years ago

Since cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config is already present the commit won't add the pres index type to the index. default lines only have an effect when a new entry is created. They don't modify an existing entries. In order to add a pres index type for krbprincipalname you need

dn: cn=krbprincipalname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
add: nsIndexType: pres

rcritten commented 3 years ago

Yeah, that's on me. I had done the change originally in install/share/indices.ldif and migrated it to an update file and missed changing this one to add from default.

rcritten commented 3 years ago

ipa-4-8:

53a952f Add index for more trust-related attributes

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

abbra commented 3 years ago

master:

05da1f7 Add krbPrincipalName pres index correctly

frenaud commented 3 years ago

ipa-4-8:

672fe14 Add krbPrincipalName pres index correctly

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8491 Unindexed searches in FreeIPA git master Closed: fixed 3 years ago by rcritten. Opened 3 years ago by abbra.

Metadata

#8491 Unindexed searches in FreeIPA git master

Closed: fixed 3 years ago by rcritten. Opened 3 years ago by abbra.