diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-10-05 10:37:05 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-06 17:06:14 -0400 |
commit | 03c8a34cb3b7a635e5a853c648cafe5ea9f9a126 (patch) | |
tree | 3aeef44f3798b8dc6b25bb8f9195ca20fd296f76 /ipaserver/plugins | |
parent | af63731363c23f879ccefcd4b03695f463dbab3f (diff) | |
download | freeipa-03c8a34cb3b7a635e5a853c648cafe5ea9f9a126.tar.gz freeipa-03c8a34cb3b7a635e5a853c648cafe5ea9f9a126.tar.xz freeipa-03c8a34cb3b7a635e5a853c648cafe5ea9f9a126.zip |
When calculating indirect membership don't test nesting on users and hosts.
Members are dereferenced when calculating indirect membership. We don't
need to check hosts and users for members.
This significantly reduces the number of queries required for large groups.
https://fedorahosted.org/freeipa/ticket/1885
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index b12403b93..fddfe0f5a 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -42,6 +42,7 @@ import ldap.sasl as _ldap_sasl from ldap.controls import LDAPControl # for backward compatibility from ldap.functions import explode_dn +from ipalib.dn import DN import krbV @@ -987,6 +988,13 @@ class ldap2(CrudBackend, Encoder): if membertype == MEMBERS_ALL or membertype == MEMBERS_INDIRECT: checkmembers = copy.deepcopy(members) for member in checkmembers: + # No need to check entry types that are not nested for + # additional members + dn = DN(member) + if dn.endswith(DN(api.env.container_user, api.env.basedn)) or \ + dn.endswith(DN(api.env.container_host, api.env.basedn)): + results.append([member, {}]) + continue try: (result, truncated) = self.find_entries(searchfilter, attr_list, member, time_limit=time_limit, |