URL: https://github.com/freeipa/freeipa/pull/2669
Author: tiran
Title: #2669: [Backport][ipa-4-6] Add index and container for RFC 2307 IP services
Action: opened

PR body:
"""
This PR was opened automatically because PR #2661 was pushed to master and backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2669/head:pr2669
git checkout pr2669
From f7734ed8634b44cdfbf149a44afbf6a1da219b98 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Fri, 7 Dec 2018 13:08:49 +0100
Subject: [PATCH] Add index and container for RFC 2307 IP services

IPA doesn't officially support RFC 2307 IP services. However SSSD has a nsswitch plugin to provide service lookups. The subtree search for (&(ipserviceport=$PORT)(ipserviceprotocol=$SRV)(objectclass=ipservice)) in cn=accounts,$SUFFIX has caused performance issues on large installations.

This patch introduced a dedicated container cn=ipservices,cn=accounts,$SUFFIX for IP services for future use or 3rd party extensions. SSSD will change its search base in an upcoming release, too.

A new ipServicePort index is added to optimize searches for an IP service by port. There is no index on ipServiceProtocol because the index would have poor selectivity. An ipService entry has either 'tcp' or 'udp' as protocol.

Fixes: https://pagure.io/freeipa/issue/7797
See: https://pagure.io/freeipa/issue/7786
Signed-off-by: Christian Heimes <chei...@redhat.com>
--- install/share/bootstrap-template.ldif | 6 ++++++ install/share/indices.ldif | 10 ++++++++++ install/updates/20-indices.update | 7 +++++++ install/updates/30-ipservices.update | 6 ++++++ 4 files changed, 29 insertions(+) create mode 100644 install/updates/30-ipservices.update diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index ea1e5b222e..b19de724f3 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -34,6 +34,12 @@ objectClass: top objectClass: nsContainer cn: hostgroups +dn: cn=ipservices,cn=accounts,$SUFFIX +changetype: add +objectClass: top +objectClass: nsContainer +cn: ipservices + dn: cn=alt,$SUFFIX changetype: add objectClass: nsContainer diff --git a/install/share/indices.ldif b/install/share/indices.ldif index e91ef01ed7..f8eaff4c6b 100644 --- a/install/share/indices.ldif +++ b/install/share/indices.ldif 
@@ -333,3 +333,13 @@ objectClass: nsindex nssystemindex: false nsindextype: eq nsindextype: sub + +# NOTE: There is no index on ipServiceProtocol because the index would have +# poor selectivity. An ipService entry has either 'tcp' or 'udp' as protocol. +dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +changetype: add +cn: ipServicePort +objectClass: top +objectClass: nsIndex +nsSystemIndex: false +nsIndexType: eq diff --git a/install/updates/20-indices.update b/install/updates/20-indices.update index d1704adfc2..49bd3b6460 100644 --- a/install/updates/20-indices.update +++ b/install/updates/20-indices.update @@ -308,3 +308,10 @@ default: objectclass: nsindex default: nssystemindex: false default: nsindextype: eq default: nsindextype: sub + +dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +default: cn: ipServicePort +default: objectClass: top +default: objectClass: nsIndex +default: nsSystemIndex: false +default: nsIndexType: eq diff --git a/install/updates/30-ipservices.update b/install/updates/30-ipservices.update new file mode 100644 index 0000000000..01a6d52f83 --- /dev/null +++ b/install/updates/30-ipservices.update @@ -0,0 +1,6 @@ +# container for RFC 2307 IP services + +dn: cn=ipservices,cn=accounts,$SUFFIX +default: objectClass: top +default: objectClass: nsContainer +default: cn: ipservices
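Review bot: In the install/share/bootstrap-template.ldif hunk, the new cn=ipservices,cn=accounts,$SUFFIX entry is created with only objectClass and cn, and no hunk in this patch adds an ACI for it, so who may read or write entries beneath the container is left to rules defined elsewhere. Since the commit message describes the container as a future SSSD search base and a place for 3rd party extensions, a short comment above the dn line naming the permissions that are expected to apply would make the intended access explicit.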
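Review bot: In the install/updates/20-indices.update hunk, the ipServicePort entry is missing the NOTE comment that the same entry carries in install/share/indices.ldif explaining why ipServiceProtocol is not indexed; copying that comment here keeps the fresh-install and upgrade definitions documented alike. The added lines also spell objectClass: nsIndex, nsSystemIndex and nsIndexType in mixed case while the context lines directly above use lowercase; LDAP attribute names are case-insensitive so this is harmless, but matching the surrounding casing keeps the file easy to search.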
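Review bot: In the new install/updates/30-ipservices.update file, the only documentation is the one-line comment "# container for RFC 2307 IP services", which drops the context given in the commit message: that IPA does not officially support these entries and that the container exists so lookups no longer need a subtree search of cn=accounts,$SUFFIX. Expanding the comment with those two points would stop a later reader from assuming the container is populated or managed by IPA itself.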