I would like to discuss the way how we should improve the speed of
user-find commands (and other commands too if possible):
Do not do extra search for ipasshpubkey. This is clear, patch posted for
commands: user, stageuser, host, idview
make --no-members option visible in CLI
I don't think we should implement also --no-indirect-members, I think
that this kind of granularity is not needed.
If --no-members is used, then indirect members will be ignored too.
commands: all which use members
Limit the amount of searches for memberof[indirect] (group, netgroup,
role, hbacrule, sudorule) and search for each dn only once in find commands.
We can have configurable option in default.conf (for example
memberof_search_limit=100 (0 unlimited)). Find commands will get members
only for specified amount and if this limit is exceeded a warning
message is shown.
I do not like this idea much, I think it should be all or nothing, I
prefer to not do this.
However I like the idea of temporary caching inside find commands, where
each memberof DN is resolved just once and results are cached in a map
and reused in current context of command. This should be improvement
mainly for indirect searches, but cache should be faster for direct
members than doing internal calls of framework objects. This part is
backward compatible, the first part is not.
commands: user-find, stageuser-find, possibly all find commands
Remove userPassword, krbPrincipalKey from search results
This change is not backward compatible, can we do this?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code