On 06/27/2013 09:31 AM, Jan Cholasta wrote:
On 27.6.2013 17:23, Martin Kosek wrote:
Thanks for this effort!
I quickly went through the patches, they mostly look harmless. Except
Subject: [PATCH 4/5] Add missing substring indices for attributes
the referint plugin.
AFAIK, sub index is a very expensive index - as we discussed offline
Rich to advise and confirm this. I think you added it because some
doing substring/wildcard search when an LDAP entry was being deleted
- did you
identify which one it is? Because I would rather get rid of the bad
adding so many sub indices.
The search is hard-coded in the referint plugin, see
Not sure if it makes sense to do a wildcard/substr search here - please
file a ticket with 389 to investigate.
sub index isn't necessarily a bad thing - in this case it may be more
beneficial than harmful - if you have enough nsslapd-idlistscanlimit to
hold the entire candidate list in a single id list without hurting
performance (i.e. a list of 10000 entries is probably ok - a list of
1000000 entries is not)
Secondly, did you also check Web UI performance? I think we could
improve user/group lists performance if we added a new (hidden)
suppress loading membership information which could then be utilized
by Web UI.
Adding Petr Vobornik to CC to consider this.
No, not yet.
Freeipa-devel mailing list