Dne 10.6.2015 v 13:44 Martin Basti napsal(a):
On 10/06/15 06:40, Fraser Tweedale wrote:
On Tue, Jun 09, 2015 at 04:37:56PM +0200, Martin Basti wrote:
On 09/06/15 08:58, Fraser Tweedale wrote:
On Mon, Jun 08, 2015 at 08:49:06AM +0200, Martin Kosek wrote:
On 06/08/2015 03:31 AM, Fraser Tweedale wrote:
New patches attached. Comments inline.
Thanks Fraser!
...
5)
Missing referint plugin configuration for attribute
'ipacaaclmembercertprofile'
Please add it into install/updates/25-referint.update (+ other
member
attributes if missing)
Added this. There is a comment in 25-referint.update:
# pres and eq indexes defined in 20-indices.update must be set
# for all the attributes
Can you explain what is required here? Is it just to add: I see
things for memberUser and memberHost in indices.ldif but nothing for
memberService. Do I need to add to indices.ldif:
dn: cn=memberProfile,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config
changetype: add
cn: memberProfile
ObjectClass: top
ObjectClass: nsIndex
nsSystemIndex: false
nsIndexType: eq
nsIndexType: pres
nsIndexType: sub
, and similarly for memberCa? Sorry I do not know much about LDAP
indexing.
AFAIR, yes. BTW, where does the "sub" index come from? It is quite
an expensive
index to use and I now cannot think of memberProfile search where
you would
need a substring...
Thanks,
Martin
Updated patch attached, which adds the indices. (Also rebased).
There is a commit that seems to indicate that substring index is
needed, so I have included substring indices in this patchset.
Copied Honza in case he wants to comment.
commit a10521a1dcf69960d6ce0bf5657180b709c297c0
Author: Jan Cholasta <jchol...@redhat.com>
Date: Tue Jun 25 13:16:40 2013 +0000
Add missing substring indices for attributes managed by the
referint plugin.
The referint plugin does a substring search on these
attributes each time an
entry is deleted, which causes a noticable slowdown for
large directories if
the attributes are not indexed.
https://fedorahosted.org/freeipa/ticket/3706
Cheers,
Fraser
ACK
Please send the upgrade patch ASAP :)
--
Martin Basti
Thank you for the ACK \o/
Since the patches have not been pushed, here is an updated patchset
which adds the upgrade behaviour. There are no changes apart from
the additions to ipaserver/install/server/upgrade.py.
Cheers,
Fraser
ACK
NACK, the new OIDs are not registered.
BTW all new attribute names should have the "ipa" prefix. Also I would
prefer "CertProfile" instead of just "Profile" in certificate profile
related names. Please rename the attributes as follows:
memberCa -> ipaMemberCa
memberProfile -> ipaMemberCertProfile
caCategory -> ipaCaCategory
profileCategory -> ipaCertProfileCategory
Honza
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
