The majority of the name-find plugins appear to be searching for the unindexed attributes: memberUser and memberHost, regardless of whether the 'value' in question can be present in either of those attributes.
Ticket #1138 has been created to address the adding of memberUser and memberHost as Equality Indexes.
It also appears that unindexed substring searches take place for the following attrs:
memberofindirect memberindirect description
Triage will need to weigh in to determine whether or not these 3 attributes need to be added to the index.
Putting into 2.1 We should at least investigate it there.
The following patch Removes around 20 lines of code and provides a substantial increase in performance for FreeIPA member/memberof verification searches. The current code base blindly searches static containers for the possible presence of members. This patch provides a method for dynamically identifying the specific objects to verify memberships for. <Without patch> ipa hostgroup-find ... ----------------------------- Number of entries returned 52 ----------------------------- real 0m20.054s user 0m0.934s sys 0m0.050s <With Patch> ipa find-hostgroup ... ----------------------------- Number of entries returned 52 ----------------------------- real 0m15.064s user 0m0.945s sys 0m0.057s ------------------------------ Number of entries returned 100 ------------------------------ real 0m16.471s user 0m0.814s sys 0m0.040s <Without Patch> ipa host-find ... ------------------------------ Number of entries returned 100 ------------------------------ real 0m41.277s user 0m0.806s sys 0m0.060s <With Patch> ipa host-find ... ------------------------------ Number of entries returned 100 ------------------------------ real 0m16.385s user 0m0.814s sys 0m0.053s
attachment freeipa-jraquino-0023-Optimize-and-dynamicly-verify-group-membership.patch
NOTE: the correctly spelled patch is the appropriate one: "freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch "
attachment freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.2.patch
New correction patch attached.
A try/except block was resetting the results variable.
It has now been corrected.
It was also found that this patch addresses the problems recorded in ticket: https://fedorahosted.org/freeipa/ticket/1133
The Correct Patch freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.3.patch
Added comments to address relationship with ticket# 1133
Very sorry for the messy list of attachments. There were a lot of moving parts and an unexpected fixed to external ticket.
Tested clean against all xmlrpc tests.
FINAL PATCH (Please Ignore ALL others) (sorry for the mess) freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch
master: cc0e668
ipa-2-0: e71c5ae
Metadata Update from @jraquino: - Issue assigned to jraquino - Issue set to the milestone: FreeIPA 2.1 - 2011/08 (Final)
Login to comment on this ticket.