New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nis server: limit group.byname and group.bygid maps to POSIX groups #6867
base: master
Are you sure you want to change the base?
Conversation
9b67430
to
bffdee6
Compare
Is there a way to tell in the logs that a NIS rebuild is triggered? Or can this be observed only by the reduced time to add a new user? How many users did you test with? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
For NIS maps only POSIX groups make sense. Limit searches to those. This should avoid pulling groups like 'ipausers' into NIS maps. It also will help with large non-POSIX groups being rebuilt when a new member is added because then NIS maps wouldn't need to be rebuilt. In a real life scenario this reduced time spent on adding a user from 45 seconds to 15 seconds: 'ipausers' group membership change does not trigger a rebuild of NIS maps anymore. Fixes: https://pagure.io/freeipa/issue/9388 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
bffdee6
to
1af8159
Compare
Rebased and removed the temporary commit which used 389-ds nightly COPR. |
New installation and upgrade work well (tested both with the plugin enabled or disabled). |
According to the reporter (in bugzilla), they have had ~2100 users in Thus a test would be to create new users continuously. I believe |
I tested with NIS enabled with and without the patch applied using a different methodology. I did the time to add 2100 users sequentially. There is no apparently difference in the times with and without the patch. In total it takes ~230 minutes. Without NIS enabled it takes 30m. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
For NIS maps only POSIX groups make sense. Limit searches to those. This should avoid pulling groups like 'ipausers' into NIS maps. It also will help with large non-POSIX groups being rebuilt when a new member is added because then NIS maps wouldn't need to be rebuilt.
In a real life scenario this reduced time spent on adding a user from 45 seconds to 15 seconds: 'ipausers' group membership change does not trigger a rebuild of NIS maps anymore.
Fixes: https://pagure.io/freeipa/issue/9388