nis server: limit group.byname and group.bygid maps to POSIX groups #6867
Conversation
abbra
added
ipa-4-9
abbra
force-pushed
the
compat-tree-speedup
branch
5 times, most recently
from
9b67430
to
bffdee6
Compare
|
Is there a way to tell in the logs that a NIS rebuild is triggered? Or can this be observed only by the reduced time to add a new user? How many users did you test with? |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
For NIS maps only POSIX groups make sense. Limit searches to those. This should avoid pulling groups like 'ipausers' into NIS maps. It also will help with large non-POSIX groups being rebuilt when a new member is added because then NIS maps wouldn't need to be rebuilt. In a real life scenario this reduced time spent on adding a user from 45 seconds to 15 seconds: 'ipausers' group membership change does not trigger a rebuild of NIS maps anymore. Fixes: https://pagure.io/freeipa/issue/9388 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
abbra
force-pushed
the
compat-tree-speedup
branch
from
bffdee6
to
1af8159
Compare
|
Rebased and removed the temporary commit which used 389-ds nightly COPR. |
|
New installation and upgrade work well (tested both with the plugin enabled or disabled). |
|
According to the reporter (in bugzilla), they have had ~2100 users in Thus a test would be to create new users continuously. I believe |
|
I tested with NIS enabled with and without the patch applied using a different methodology. I did the time to add 2100 users sequentially. There is no apparently difference in the times with and without the patch. In total it takes ~230 minutes. Without NIS enabled it takes 30m. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
For NIS maps only POSIX groups make sense. Limit searches to those. This should avoid pulling groups like 'ipausers' into NIS maps. It also will help with large non-POSIX groups being rebuilt when a new member is added because then NIS maps wouldn't need to be rebuilt.
In a real life scenario this reduced time spent on adding a user from 45 seconds to 15 seconds: 'ipausers' group membership change does not trigger a rebuild of NIS maps anymore.
Fixes: https://pagure.io/freeipa/issue/9388