[Freeipa-devel] [PATCH] 145 Optimize member/memberof searches in LDAP
Martin Kosek
mkosek at redhat.com
Wed Oct 12 07:59:23 UTC 2011
How to test:
1) Add some nested membership relationships:
$ ipa group-add --desc=foo group1
$ ipa group-add --desc=foo group2
$ ipa user-add --first=Foo --last=Bar foobar
$ ipa role-add-member helpdesk --groups=group2
$ ipa group-add-member group2 --groups=group1
$ ipa group-add-member group1 --users=foobar
2) Start receiving all SCOPE_SUBTREE (scope=2) searches in LDAP:
# tail -f /var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/access | grep SRCH | grep "scope=2" | grep -v krbprincipalaux
3) Do some -show commands to see the unnecessary SCOPE_SUBTREE (scope=2)
searches we do to get memberships:
$ ipa role-show helpdesk --all --raw
$ ipa user-show foobar --all --raw
etc.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-145-optimize-member-memberof-searches-in-ldap.patch
Type: text/x-patch
Size: 2391 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111012/86630e46/attachment.bin>
More information about the Freeipa-devel
mailing list