diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-09-25 17:19:44 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-10-01 22:37:59 -0400 |
| commit | 941d1e8701c0c3a22ab4e6320686761b64d89c82 (patch) | |
| tree | 6ef2c2ca6709c6c5f946312e7c481411431a35d0 /ipaserver/plugins/ldap2.py | |
| parent | 0e432d33fc4123d70c320c66f00cd7a0082de163 (diff) | |
| download | freeipa-941d1e8701c0c3a22ab4e6320686761b64d89c82.tar.gz freeipa-941d1e8701c0c3a22ab4e6320686761b64d89c82.tar.xz freeipa-941d1e8701c0c3a22ab4e6320686761b64d89c82.zip | |
Do not produce unindexed search on every DEL command
Every <plugin>-del command executes an "(objectclass=*)" search
to find out if a deleted node has any child nodes which would need
to be deleted first. This produces an unindexed search for every del
command which biases access log audits and may affect performance too.
Since most of the *-del commands delete just a single object (user,
group, RBAC objects, SUDO or HBAC objects, ...) and not a tree
(automount location, dns zone, ...) run a single entry delete first
and only revert to subtree search&delete when that fails.
Diffstat (limited to 'ipaserver/plugins/ldap2.py')
| -rw-r--r-- | ipaserver/plugins/ldap2.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index a0b91fd5d..1a754a55f 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -719,6 +719,8 @@ class ldap2(CrudBackend): raise errors.NotAllowedOnRDN(attr=info) except _ldap.FILTER_ERROR: raise errors.BadSearchFilter(info=info) + except _ldap.NOT_ALLOWED_ON_NONLEAF: + raise errors.NotAllowedOnNonLeaf() except _ldap.SUCCESS: pass except _ldap.LDAPError, e: |