From e5389ffd5193fcb7edf3b0c5fa887e46cff986fe Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 12 Oct 2011 09:36:24 +0200 Subject: Optimize member/memberof searches in LDAP When investigating if member/memberof attribute is direct/indirect we do a lot of LDAP SCOPE_SUBTREE searches when we actually search just for one item. Make sure we search only with SCOPE_BASE to improve the performance. One not so efficient iteration was also changed to list comprehension to speed things up a tiny bit. https://fedorahosted.org/freeipa/ticket/1885 --- ipaserver/plugins/ldap2.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 382cc5760..6eeab56a8 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -1001,7 +1001,8 @@ class ldap2(CrudBackend, Encoder): try: (result, truncated) = self.find_entries(searchfilter, attr_list, member, time_limit=time_limit, - size_limit=size_limit, normalize=normalize) + size_limit=size_limit, scope=_ldap.SCOPE_BASE, + normalize=normalize) results.append(list(result[0])) for m in result[0][1].get('member', []): # This member may contain other members, add it to our @@ -1066,18 +1067,16 @@ class ldap2(CrudBackend, Encoder): try: (result, truncated) = self.find_entries(searchfilter, attr_list, group, time_limit=time_limit,size_limit=size_limit, - normalize=normalize) + scope=_ldap.SCOPE_BASE, normalize=normalize) results.extend(list(result)) except errors.NotFound: pass direct = [] - indirect = [] # If there is an exception here, it is likely due to a failure in # referential integrity. All members should have corresponding # memberOf entries. - for m in memberof: - indirect.append(m.lower()) + indirect = [ m.lower() for m in memberof ] for r in results: direct.append(r[0]) try: -- cgit