-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/23/2013 03:12 PM, Jakub Hrozek wrote: > The attached patch applies on both master and sssd-1-9 and fixes: > https://fedorahosted.org/sssd/ticket/1806 > > The IPA provider attempted to store the original value of member > attribute to the cache. That caused the memberof plugin to process > the values which was really CPU intensive. > > We don't use the values anywhere and rely on the originalDN > instead, so it's safe to avoid even downloading them. > > Many thanks to Andreas and Simo for their help debugging the > problem. >
Nack I was thinking that we might consider replacing SYSDB_MEMBER with SYSDB_ORIG_MEMBER (so it gets translated to originalMember instead), but if we're really not consuming it anywhere at all, I agree that it makes sense to save bandwidth and storage. So the patch is fine as it is, except for one thing. As a one-time event, we should also update the DB version and purge these entries that already exist. The reason for that is that in the future if we had to re-process the member/memberOf relations in another update, we don't want to force these to be re-evaluated. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHINdIACgkQeiVVYja6o6OdFACZAWdYATpK2AACva3ptRhsXAxy 8A4An26jxp6wWmqYkiqFfiSL1FK3aRY+ =1G4i -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel