[Freeipa-devel] [PATCHES] 143-147 Improve performance with large groups
Rich Megginson
rmeggins at redhat.com
Thu Jun 27 15:34:42 UTC 2013
On 06/27/2013 09:31 AM, Jan Cholasta wrote:
> On 27.6.2013 17:23, Martin Kosek wrote:
>> Thanks for this effort!
>>
>> I quickly went through the patches, they mostly look harmless. Except
>> the
>> following:
>>
>> Subject: [PATCH 4/5] Add missing substring indices for attributes
>> managed by
>> the referint plugin.
>>
>> AFAIK, sub index is a very expensive index - as we discussed offline
>> - adding
>> Rich to advise and confirm this. I think you added it because some
>> plugin was
>> doing substring/wildcard search when an LDAP entry was being deleted
>> - did you
>> identify which one it is? Because I would rather get rid of the bad
>> search than
>> adding so many sub indices.
>
> The search is hard-coded in the referint plugin, see
> <https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/plugins/referint/referint.c#n745>.
Not sure if it makes sense to do a wildcard/substr search here - please
file a ticket with 389 to investigate.
sub index isn't necessarily a bad thing - in this case it may be more
beneficial than harmful - if you have enough nsslapd-idlistscanlimit to
hold the entire candidate list in a single id list without hurting
performance (i.e. a list of 10000 entries is probably ok - a list of
1000000 entries is not)
>
>>
>> Secondly, did you also check Web UI performance? I think we could
>> noticeable
>> improve user/group lists performance if we added a new (hidden)
>> option to
>> suppress loading membership information which could then be utilized
>> by Web UI.
>> Adding Petr Vobornik to CC to consider this.
>
> No, not yet.
>
> Honza
>
More information about the Freeipa-devel
mailing list