The class LDAPAddMember is a generic class used to add any type of member to any kind of group.
For example, hbacrule-add-host will add hosts in memberhost.
The pre_callback() in LDAPAddMember does an existence check via object.get_dn():
(member_dns, failed) = self.get_member_dns(**options)
Later it calls:
ldap.add_entry_to_group(m_dn, dn, attr, allow_same=self.allow_same)
This does an explicit get_entry() to verify existence.
So for every member added there are 2 searches for the same entry.
The get_dn() search uses [''] for the attribute list. This isn't cached well. I'll experiment with treating this requested set of attrs as the same as ['*'].
I think this is literally asking for only dn but with the exception of huge entries retrieving all attributes could save resources if later requests can use the cached entry.
This is going to be resolved in the general LDAP cache ticket https://pagure.io/freeipa/issue/8798
Metadata Update from @rcritten: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.