IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
ed436e4b62
freeipa/install/updates/20-indices.update
Christian Heimes ed436e4b62 Add more LDAP indices 
An index is used to optimize an LDAP operation. Without an index, 389-DS
has to perform a partial or even full table scan. A full database scan can
easily take 10 seconds or more in a large installation.

* automountMapKey: eq, pres (was: eq)
* autoMountMapName: eq
* ipaConfigString: eq
* ipaEnabledFlag: eq
* ipaKrbAuthzData: eq, sub
* accessRuleType: eq
* hostCategory: eq

automountMapKey and autoMountMapName filters are used for automount.

Installation and service discovery (CA, KRA) use ipaConfigString to find
active services and CA renewal master.

SSSD filters with ipaEnabledFlag, accessRuleType, and hostCategory to
find and cache HBAC rules for each host.

ipaKrbAuthzData is used by ipa host-del. The framework performs a
'*arg*' query, therefore a sub index is required, too.

Partly fixes: https://pagure.io/freeipa/issue/7786
Fixes: https://pagure.io/freeipa/issue/7787
Fixes: https://pagure.io/freeipa/issue/7790
Fixes: https://pagure.io/freeipa/issue/7792
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-12-13 17:04:00 +01:00

362 lines
10 KiB
Plaintext
Raw Blame History

#
# Some nss_ldap implementations will always ask for memberuid so we must
# have an index for it.
#
# FreeIPA frequently searches for memberHost and memberUser to determine
# group membership.
#
dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberuid
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberHost
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberUser
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: sub
dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: sub
dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=seealso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
only:nsIndexType: eq
only:nsIndexType: sub
dn: cn=memberof,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberof
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
default:nsIndexType: eq
dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: fqdn
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: macAddress
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
default:nsIndexType: eq
default:nsIndexType: pres
dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: sourcehost
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberservice
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: managedby
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberallowcmd
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: memberdenycmd
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipasudorunas
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipasudorunasgroup
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: automountkey
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
default:nsIndexType: eq
add:nsIndexType: pres
dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: automountMapName
default: ObjectClass: top
default: ObjectClass: nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: ipaConfigString
default: objectClass:top
default: objectClass:nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: ipaEnabledFlag
default: objectClass:top
default: objectClass:nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: ipaKrbAuthzData
default: objectClass: top
default: objectClass: nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
default: nsIndexType: sub
dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipakrbprincipalalias
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
default:nsIndexType: eq
dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipauniqueid
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
default:nsIndexType: eq
dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipatokenradiusconfiglink
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaassignedidview
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaallowedtarget
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaMemberCa
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaMemberCertProfile
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
only:nsIndexType: sub
dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: userCertificate
default:ObjectClass: top
default:ObjectClass: nsIndex
only:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ntUniqueId
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ntUserDomainId
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipalocation
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only:nsIndexType: eq
only:nsIndexType: pres
dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: krbPrincipalName
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only: nsMatchingRule: caseIgnoreIA5Match
only: nsMatchingRule: caseExactIA5Match
only:nsIndexType: eq
only:nsIndexType: sub
dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: krbCanonicalName
default: objectClass: top
default: objectClass: nsIndex
only: nsSystemIndex: false
only: nsIndexType: eq
only: nsIndexType: sub
dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: serverhostname
default: objectClass: top
default: objectClass: nsIndex
only: nsSystemIndex: false
only: nsIndexType: eq
only: nsIndexType: sub
dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
default: cn: description
default: objectclass: top
default: objectclass: nsindex
default: nssystemindex: false
default: nsindextype: eq
default: nsindextype: sub
dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
default: cn: l
default: objectclass: top
default: objectclass: nsindex
default: nssystemindex: false
default: nsindextype: eq
default: nsindextype: sub
dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
default: cn: nsOsVersion
default: objectclass: top
default: objectclass: nsindex
default: nssystemindex: false
default: nsindextype: eq
default: nsindextype: sub
dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
default: cn: nsHardwarePlatform
default: objectclass: top
default: objectclass: nsindex
default: nssystemindex: false
default: nsindextype: eq
default: nsindextype: sub
dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
default: cn: nsHostLocation
default: objectclass: top
default: objectclass: nsindex
default: nssystemindex: false
default: nsindextype: eq
default: nsindextype: sub
dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: ipServicePort
default: objectClass: top
default: objectClass: nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: accessRuleType
default: objectClass:top
default: objectClass:nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default: cn: hostCategory
default: objectClass:top
default: objectClass:nsIndex
default: nsSystemIndex: false
default: nsIndexType: eq
Reference in New Issue View Git Blame Copy Permalink