[Freeipa-devel] [PATCH] 156 Create pkey-only option for find commands
Martin Kosek
mkosek at redhat.com
Wed Oct 26 18:43:46 UTC 2011
On Wed, 2011-10-26 at 13:32 -0500, Endi Sukma Dewata wrote:
> On 10/26/2011 1:21 PM, Martin Kosek wrote:
> >>> For huge installations there is no way we can do unbound queries. There
> >>> will always be some limit on the number of entries returned, searched, etc.
> >>
> >> Yes, but the search limit using paged results needs to be reasonably
> >> bigger than the standard 100 entries, enough to be used in most deployments.
> >
> > Btw. this is just our arbitrary limit. The default value is 100, but it
> > can be modified via ipa config-mod --searchrecordslimit=INT. You can
> > also use --sizelimit and --timelimit parameters for most of *-find
> > commands to control the limits.
> >
> > I tried:
> > ipa user-find --pkey-only --sizelimit=0
> >
> > and it returned all 300 records in 5.4 seconds.
>
> I think we probably need 2 different size limits: one for regular
> queries (set on LDAP server) and the other for pulling primary keys
> (maintained by IPA server).
>
> Suppose we have a system with 5000 users, we need to be able to pull all
> 5000 primary keys. But for regular queries we probably still want to
> keep a smaller limit.
>
This is true, but I am not sure how can we help on server side with
this. Limits are something that CLI user or Web UI should control via
--sizelimit and --timelimit parameters and the config-mod setting I
referred to. Can you use --pkey-only, --sizelimit and --timelimit
parameters to manage large data sets in WebUI or would you need another
tweak?
What we can do is to make sure that all our *-find commands have
--sizelimit and --timelimit parameters. I see that for example
delegation-find does not have one.
Martin
More information about the Freeipa-devel
mailing list