Description of problem: Customers are storing more and more data in LDAP. In a recent customer ticket there we 21 million of entries and the IDL scan limit was set at the default value of 4000. About 4300 entries ( 0.02 % ) were matching a filter, so the related search was unindexed. In this peculiar case this was an internal search to build the ACI cache, thus the unindexed search was causing a delay of 20 to 30 minutes before the LDAP server could be started. Version-Release number of selected component (if applicable): $ grep 389-ds-base-1 installed-rpms 389-ds-base-1.4.3.13-1.module+el8dsrv+8334+69a46a2e.x86_64 Sun Feb 28 18:01:43 2021 $ How reproducible: Always. Steps to Reproduce: 1. In a large DB, make sure to have more entries with the ldapsubentry objectClass than the IDL scan limit 2. The startup should take minutes due to an internal unindexed search that is used to build the ACI cache Actual results: Long startup time. Expected results: Fast startup. Additional info: This RFE is to evaluate if the default value could be increased ( maybe to 10K ) and if a dynamic behavior could be implemented ( X % of the total number of entries in a suffix would be indexed with a hard limit of 50K? )
Upstream ticket: https://github.com/389ds/389-ds-base/issues/2435
Build tested: 389-ds-base-2.2.7-2.module+el9dsrv+18726+78959e84.x86_64 On a default installation IDL scan limit is raised to INT_MAX: # ldapsearch -x -D "cn=Directory Manager" -w password -b cn=config | grep nsslapd-idlistscanlimit: nsslapd-idlistscanlimit: 2147483646 Marking as VERIFIED.
Hi Pierre! @progier Could you please review the DoxText field with the RN draft. Thanks, Evgenia
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (redhat-ds:12 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3344