Do not produce unindexed search on every DEL command

Every <plugin>-del command executes an "(objectclass=*)" search to find out if a deleted node has any child nodes which would need to be deleted first. This produces an unindexed search for every del command which biases access log audits and may affect performance too. Since most of the *-del commands delete just a single object (user, group, RBAC objects, SUDO or HBAC objects, ...) and not a tree (automount location, dns zone, ...) run a single entry delete first and only revert to subtree search&delete when that fails.
2025-02-25 18:55:28 -06:00 · 2012-09-25 17:19:44 +02:00
parent 0e432d33fc
commit 941d1e8701
3 changed files with 25 additions and 1 deletions
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1501,6 +1501,22 @@ class BadSearchFilter(ExecutionError):
    format = _('Bad search filter %(info)s')


+class NotAllowedOnNonLeaf(ExecutionError):
+    """
+    **4210** Raised when operation is not allowed on a non-leaf entry
+
+    For example:
+
+    >>> raise NotAllowedOnNonLeaf()
+    Traceback (most recent call last):
+      ...
+    NotAllowedOnNonLeaf: Not allowed on non-leaf entry
+    """
+
+    errno = 4210
+    format = _('Not allowed on non-leaf entry')
+
+
 class CertificateError(ExecutionError):
    """
    **4300** Base class for Certificate execution errors (*4300 - 4399*).