For large groups, eg. ipausers with 30K users, the method tries to get members of it members.
The ldap search is done with:
With 30k member users, this search is inefficient and returns a lot of results. With time_limit=2s, it's good chance, that it will fail with limits exceeded error. If not, it will do 300 paged searches because of paged_search=true and size_limit=100.
Result
ipa group-find
ipa group-show
Possible improvements:
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1204637 (Red Hat Enterprise Linux 7)
master:
Metadata Update from @pvoborni: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.2
Login to comment on this ticket.