document impact of indices and of scope on performance of LDAP queries #5603

Closed
pbrezina opened this issue Apr 26, 2021 · 1 comment
Labels: Bugzilla, Closed: Fixed

Comments

@pbrezina
Member

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1925621

Description of problem:

The LDAP queries performed with scope=sub can be complex and overload the LDAP
server.
For example, SUDO rules LDAP queries performed with scope=sub over a large
basedn could cause an unneeded load.

As a reference of the scope, the customer used:
https://ldapwiki.com/wiki/LDAP%20Search%20Scopes

As changing the sssd scope attribute of the LDAP queries would be disruptive
for the running sssd configurations, as the results would change, we would
suggest at least documenting the fact that, for best performance, sssd should
be set with a smaller scope (e.g. scope=one).

The customer would recommend considering the switch to scope=one in RHEL9 (or
anyway starting with upstream).

Version-Release number of selected component (if applicable):
Any

How reproducible:

Check the documentation

Steps to Reproduce:
1.
2.
3.

Actual results:

The documentation does not report that scope=sub could introduce a performance
issue

Expected results:

The documentation must report that scope=sub could introduce a performance
issue

Additional info:
@pbrezina pbrezina self-assigned this Apr 26, 2021
pbrezina added a commit to pbrezina/sssd that referenced this issue Apr 27, 2021
pbrezina added a commit to pbrezina/sssd that referenced this issue May 7, 2021
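
An sssd.conf fragment illustrating the scope change requested above, as an added example that is not part of the original issue or of the SSSD project's documentation. The domain name, server URI and DNs are constructed placeholders, and it assumes all sudo rules sit directly under a single container; the `search_base?scope?filter` form and the scope values `base`, `onelevel` and `subtree` are those described in sssd-ldap(5).

```ini
# Constructed example: example.com, ldap.example.com and the DNs below
# are placeholders, not values from the issue.
[sssd]
services = nss, pam, sudo
domains = example.com

[domain/example.com]
id_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com

# Broad setting: subtree scope from the directory root, so each sudo
# rule query covers every entry below dc=example,dc=com.
# ldap_sudo_search_base = dc=example,dc=com?subtree?

# Narrower setting: only the immediate children of the container that
# holds the sudo rules (assumed here to be ou=sudoers).
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com?onelevel?
```

With `onelevel`, rules stored in nested containers below `ou=sudoers` are no longer returned, which is the change in results the report describes as disruptive for running configurations.
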
@pbrezina
Member Author

pbrezina commented May 7, 2021

Pushed PR: #5610

  • master
    • ca47acc - sudo: add ldap_sudo_random_offset
    • d9d5c29 - sudo: reschedule periodic tasks when full refresh is finished
    • c0204c0 - be: add be_ptask_postpone
    • b3247ee - man: document how to tune sudo performance
    • 61a03b2 - man: document how to disable sudo smart and full refresh

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label May 7, 2021
akuster pushed a commit to akuster/sssd that referenced this issue May 18, 2021
Resolves: SSSD#5603

Reviewed-by: Tomáš Halman <thalman@redhat.com>