[Freeipa-devel] [PATCH] 145 Optimize member/memberof searches in LDAP
Rob Crittenden
rcritten at redhat.com
Thu Oct 13 03:48:28 UTC 2011
Martin Kosek wrote:
> How to test:
>
> 1) Add some nested membership relationships:
> $ ipa group-add --desc=foo group1
> $ ipa group-add --desc=foo group2
> $ ipa user-add --first=Foo --last=Bar foobar
>
> $ ipa role-add-member helpdesk --groups=group2
> $ ipa group-add-member group2 --groups=group1
> $ ipa group-add-member group1 --users=foobar
>
> 2) Start receiving all SCOPE_SUBTREE (scope=2) searches in LDAP:
> # tail -f /var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/access | grep SRCH | grep "scope=2" | grep -v krbprincipalaux
>
> 3) Do some -show commands to see the unnecessary SCOPE_SUBTREE (scope=2)
> searches we do to get memberships:
>
> $ ipa role-show helpdesk --all --raw
> $ ipa user-show foobar --all --raw
> etc.
>
> Martin
ACK, pushed to master and ipa-2-1
rob
More information about the Freeipa-devel
mailing list