You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The LDAP provider ANDs the LDAP filter it uses from objectclass component (normally objectclass=posixAccount), existence of a name attribute (cn=*) and, if using POSIX attribute, the presence of an ID (uidNumber=*). However, with many widely used object classes, like posixAccount, the presence of the name and uidNumber attribute is already guaranteed by the object class itself.
We might introduce an optional optimization, that would allow the administrator to simplify the filter, relying on the objectclass only. This optimization might be an extra option (maybe the filter) and would not be used by default to be on the safe side.
This enhancement would speed up processing of the LDAP queries. A user on the sssd-users list reported that the processing of filters being based on the objectclass only was much faster than the complex filter we use.
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2332
The LDAP provider ANDs the LDAP filter it uses from objectclass component (normally
objectclass=posixAccount
), existence of a name attribute (cn=*
) and, if using POSIX attribute, the presence of an ID (uidNumber=*
). However, with many widely used object classes, likeposixAccount
, the presence of the name and uidNumber attribute is already guaranteed by the object class itself.We might introduce an optional optimization, that would allow the administrator to simplify the filter, relying on the objectclass only. This optimization might be an extra option (maybe the filter) and would not be used by default to be on the safe side.
Comments
Comment from jhrozek at 2014-05-13 09:30:19
This enhancement would speed up processing of the LDAP queries. A user on the sssd-users list reported that the processing of filters being based on the objectclass only was much faster than the complex filter we use.
Comment from dpal at 2014-05-15 15:49:36
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
rhbz: => todo
Comment from amessina at 2014-07-23 09:24:55
Fields changed
cc: => amessina@messinet.com
Comment from jhrozek at 2016-02-16 14:31:50
I think this falls under the 'patches welcome' umbrella..
mark: => 0
milestone: SSSD 1.14 beta => SSSD Deferred
sensitive: => 0
Comment from jhrozek at 2017-02-24 14:59:07
Metadata Update from @jhrozek:
Comment from pbrezina at 2020-03-24 14:17:57
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Comment from pbrezina at 2020-03-24 14:17:58
Metadata Update from @pbrezina:
The text was updated successfully, but these errors were encountered: