[Freeipa-devel] [PATCH] 22 Add memberHost and memberUser to default indexes
Rich Megginson
rmeggins at redhat.com
Fri Apr 1 18:06:27 UTC 2011
On 04/01/2011 11:26 AM, Rob Crittenden wrote:
> JR Aquino wrote:
>> On Mar 30, 2011, at 1:16 PM, JR Aquino wrote:
>>
>>> The plugin architecture makes a great deal of calls to search for
>>> memberUser and memberHost. These attributes are missing from the
>>> index and are greatly slowing down the CLI and WebUI.
>>>
>>> They should be added as Equality Indexes, as the searches that are
>>> performed are meant for enumeration after the exact value is known.
>>>
>>> <freeipa-jraquino-0022-Add-memberHost-and-memberUser-to-default-indexes.patch>_______________________________________________
>>>
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> Missed some trailing whitespace.
>>
>> Corrected patch attached.
>
> After loading this the 389-ds error logs spit out:
>
> [01/Apr/2011:13:26:01 -0400] - The attribute [memberHost] does not
> have a valid ORDERING matching rule - error 2:s
> [01/Apr/2011:13:26:01 -0400] - The attribute [memberUser] does not
> have a valid ORDERING matching rule - error 2:s
Looking at the schema in 60basev2.ldif - it looks as though there are
many attributes that do not have an ORDERING matching rule specified
correctly:
attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC
'Reference to a principal that performs an action (usually user).' SUP
distinguishedName EQUALITY distinguishedNameMatch ORDERING
distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC
'Reference to a device where the operation takes place (usually host).'
SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING
distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
1.3.6.1.4.1.1466.115.121.1.12 is DN syntax - there is no ORDERING
matching rule for DN syntax - is there some reason you want to be able
to do range searches on DN values?
attributeTypes: (2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC
'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
This should be ORDERING caseIgnoreOrderingMatch - looks like there may
be more of these too.
>
> rob
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list