Bug 2066801

Summary: IPA server (389ds) is very slow in execution of some searches (`&(memberOf=...)(objectClass=ipaHost)` in particular)
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: 389-ds-baseAssignee: LDAP Maintainers <ldap-maint>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: urgent Docs Contact:
Priority: high    
Version: 8.4CC: adumitru, atikhono, bsmejkal, dminnich, dwysocha, grajaiya, jhrozek, ldap-maint, lslebodn, mcascell, mreynolds, msauton, mzidek, pbrezina, pkulkarn, ppolawsk, rcritten, sbose, sgouvern, spichugi, tbordaz, tmihinto, toneata, tscherf, vvasilev
Target Milestone: rcKeywords: Performance, Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-1.4.3.16-20.module+el8.4.0+14552+b182c759 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1913199 Environment:
Last Closed: 2022-04-19 15:37:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1913199    
Bug Blocks:    

Comment 5 bsmejkal 2022-04-04 10:19:25 UTC 
Build tested:
389-ds-base-1.4.3.16-20.module+el8.4.0+14552+b182c759.x86_64

Using the steps from https://bugzilla.redhat.com/show_bug.cgi?id=1913199#c54 :

With targetfilter cache enabled:
# time ldapsearch -LLL -h localhost -p 389 -D "uid=demo_user,ou=people,dc=example,dc=com" -w password -b "ou=aci,dc=example,dc=com"
...
real	0m0.419s
user	0m0.017s
sys	0m0.023s


Disabled targetfilter cache:
real	0m3.896s
user	0m0.027s
sys	0m0.040s

With targetfilter cache enabled the operation is much faster, marking as VERIFIED.
Comment 11 errata-xmlrpc 2022-04-19 15:37:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: 389-ds:1.4 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1410