From 20f182034555fdea736a517d9e6f1f8203ea8b28 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 25 Sep 2012 17:19:44 +0200 Subject: Do not produce unindexed search on every DEL command Every -del command executes an "(objectclass=*)" search to find out if a deleted node has any child nodes which would need to be deleted first. This produces an unindexed search for every del command which biases access log audits and may affect performance too. Since most of the *-del commands delete just a single object (user, group, RBAC objects, SUDO or HBAC objects, ...) and not a tree (automount location, dns zone, ...) run a single entry delete first and only revert to subtree search&delete when that fails. --- ipalib/plugins/baseldap.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'ipalib/plugins') diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 14a46f2d..a55a2324 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1424,7 +1424,13 @@ class LDAPDelete(LDAPMultiQuery): except errors.NotFound: self.obj.handle_not_found(*nkeys) - delete_subtree(dn) + try: + self._exc_wrapper(nkeys, options, ldap.delete_entry)(dn, normalize=self.obj.normalize_dn) + except errors.NotFound: + self.obj.handle_not_found(*nkeys) + except errors.NotAllowedOnNonLeaf: + # this entry is not a leaf entry, delete all child nodes + delete_subtree(dn) for callback in self.get_callbacks('post'): result = callback(self, ldap, dn, *nkeys, **options) -- cgit