Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 970541
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
`ipausers` user group causes performance issues with large deployments of FreeIPA. With tens of thousands of users it takes more than half a minute to add a user. Most of the time is consumed by `ipausers` membership handling even though `ipausers` group presence is not necessarily always needed.

Mitigate the problem by letting the administrator disable `ipausers` membership handling in IPA global configuration. Make sure that:

* migrate-ds (uses `ipausers` for GID discovery)
* winsync (uses `ipausers` for GID discovery)

still work even when the user primary group is away.
As agreed with Tomas, reassigning to jcholast, who had some ideas about a different approach to this performance issue.
Committed to master and ipa-3-2.
master:
commit a10521a
commit 30c06f7
commit 55da832
commit 100f13d
ipa-3-2:
commit d87e06d
commit 9d7da2b
commit 7bffd04
commit 916e6d8
As discussed on freeipa-devel, leaving the ticket open until we also fix the Web UI part.
Moving open tickets to next month bucket.
Added new hidden internal API parameter `--no-members` which is used by Web UI to avoid loading membership information when it is not needed:
master:
881290b Web UI search optimization
b7f10d9 Add new hidden command option to suppress processing of membersh
ipa-3-2:
1af4c10 Web UI search optimization
a203e1c Add new hidden command option to suppress processing of membersh
Metadata Update from @mkosek: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.2.x - 2013/07 (bug fixing)