RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1974236 - RFE automatique disable of virtual attribute checking
Summary: RFE automatique disable of virtual attribute checking
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: 389-ds-base
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: beta
: ---
Assignee: thierry bordaz
QA Contact: RHDS QE
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-21 07:29 UTC by thierry bordaz
Modified: 2022-05-10 14:11 UTC (History)
3 users (show)

Fixed In Version: 389-ds-1.4-8060020211118202403.ce3e8c9c
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-10 13:43:00 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 4678 0 None open RFE automatique disable of virtual attribute checking 2021-06-21 07:31:37 UTC
Red Hat Issue Tracker IDMDS-1753 0 None None None 2021-11-02 15:33:27 UTC
Red Hat Product Errata RHBA-2022:1815 0 None None None 2022-05-10 13:43:29 UTC

Description thierry bordaz 2021-06-21 07:29:57 UTC 
Description of problem:
During a SRCH, lookup for virtual attribute providers is done during evaluating a filter (against a candidate entry) and also for each returned attribute. The lookup of the virtual attribute hashtable is protected with a rwlock that creates contention, even if it is almost always free (in read). In addition the hashtable lookup is costly even if the search attribute is not present in the hashtable.

This was already detected to be an expensive component and a config attribute 'nsslapd-ignore-virtual-attrs' allows to skip virtual attribute lookup (see #511).

This attribute is 'off' by default, so most of the deployments, even if they do not use virtual attributes, are paying the cost of virtual attribute

Describe the solution you'd like
A first possibility is to set 'nsslapd-ignore-virtual-attrs: on' when there is no virtual attributes.
389-ds server defines virtual attributes with 'cos' and 'role' plugins. If there is cos/role definitions and if there is no custom plugin, then set 'nsslapd-ignore-virtual-attrs: on'.
This should be detected at startup and also requires cos/role plugin to enable the flag if a new definition comes in.

A second possibility is too have healthcheck, detecting the same (no cos/role definitions and no custom plugin)

A third possibility is to set 'nsslapd-ignore-virtual-attrs: on' by default and turn it on when a virtual attribute is inserted (other than 'dummyAttr').

Version-Release number of selected component (if applicable):
all

How reproducible:


Steps to Reproduce:
TBD

Actual results:
By default vattr are lookup

Expected results:
By default vattr should not be lookup


Additional info:
Comment 2 thierry bordaz 2021-09-06 15:21:02 UTC 
Third option is not possible. The third option is to initialize ignore-vattr=True and set it on the fly to 'False" if a vattr is registered. The problem is that role plugin is enabled by default and registers 'nsrole'. So by default ignore-vattr would always be return to 'False.
Comment 5 thierry bordaz 2021-09-30 14:01:37 UTC 
Fix pushed upstream => POST
Comment 18 Akshay Adhikari 2021-12-20 15:55:15 UTC 
============================================================================ test session starts ================================================================
platform linux -- Python 3.6.8, pytest-6.2.5, py-1.11.0, pluggy-1.0.0 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-355.el8.x86_64-x86_64-with-redhat-8.6-Ootpa', 'Packages': {'pytest': '6.2.5', 'py': '1.11.0', 'pluggy': '1.0.0'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'ignore-flaky': '2.0.0'}}
389-ds-base: 1.4.3.28-3.module+el8.6.0+13706+e2f14737
nss: 3.67.0-7.el8_5
nspr: 4.32.0-1.el8_4
openldap: 2.4.46-18.el8
cyrus-sasl: not installed
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, ignore-flaky-2.0.0
collected 1788 items / 1782 deselected / 1 skipped / 5 selected                                                                                                             

dirsrvtests/tests/suites/config/config_test.py::test_ignore_virtual_attrs PASSED                                                                                      [ 16%]
dirsrvtests/tests/suites/config/config_test.py::test_ignore_virtual_attrs_after_restart PASSED                                                                        [ 33%]
dirsrvtests/tests/suites/cos/cos_test.py::test_vattr_on_cos_definition PASSED                                                                                         [ 50%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_filtered_role PASSED                                                                                      [ 66%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_filtered_role_restart PASSED                                                                              [ 83%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_managed_role PASSED                                                                                       [100%]

================================================== 6 passed, 1 skipped, 1782 deselected, 218 warnings in 61.85s (0:01:01) =======================================

Marking as Verified: Tested.
Comment 19 Akshay Adhikari 2022-02-21 08:45:35 UTC 
As per this: https://www.port389.org/docs/389ds/design/vattr-automatic-toggle.html#tests


1) When nsslapd-ignore-virtual-attrs is set to off

      Recent       Recent       Recent       Recent      Overall      Overall
Searches/Sec   Avg Dur ms Entries/Srch   Errors/Sec Searches/Sec   Avg Dur ms
------------ ------------ ------------ ------------ ------------ ------------
   13551.453        1.101       21.000        0.000    13551.449        1.101
   13939.461        1.073       21.000        0.000    13745.459        1.087
   13909.260        1.076       21.000        0.000    13800.055        1.083
   13833.368        1.076       21.000        0.000    13808.383        1.081
   13832.600        1.086       21.000        0.000    13813.227        1.082
   13692.930        1.092       21.000        0.000    13793.179        1.084
   13674.087        1.096       21.000        0.000    13776.165        1.086
   13921.984        1.074       21.000        0.000    13794.390        1.084
   13903.031        1.077       21.000        0.000    13806.463        1.083
   13986.178        1.070       21.000        0.000    13824.433        1.082


2) When nsslapd-ignore-virtual-attrs is set to on

      Recent       Recent       Recent       Recent      Overall      Overall
Searches/Sec   Avg Dur ms Entries/Srch   Errors/Sec Searches/Sec   Avg Dur ms
------------ ------------ ------------ ------------ ------------ ------------
   15144.844        0.984       21.000        0.000    15144.840        0.984
   15491.661        0.966       21.000        0.000    15318.251        0.975
   15368.008        0.972       21.000        0.000    15334.836        0.974
   15464.274        0.968       21.000        0.000    15367.195        0.973
   15420.639        0.969       21.000        0.000    15377.883        0.972
   15124.477        0.989       21.000        0.000    15335.651        0.975
   15198.751        0.985       21.000        0.000    15316.091        0.976
   15397.821        0.967       21.000        0.000    15326.307        0.975
   15299.498        0.980       21.000        0.000    15323.329        0.976
   15323.937        0.973       21.000        0.000    15323.389        0.975
Comment 21 errata-xmlrpc 2022-05-10 13:43:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1815
Note You need to log in before you can comment on or make changes to this bug.