Description of problem:
During a SRCH, lookup for virtual attribute providers is done during evaluating a filter (against a candidate entry) and also for each returned attribute. The lookup of the virtual attribute hashtable is protected with a rwlock that creates contention, even if it is almost always free (in read). In addition the hashtable lookup is costly even if the search attribute is not present in the hashtable.
This was already detected to be an expensive component and a config attribute 'nsslapd-ignore-virtual-attrs' allows to skip virtual attribute lookup (see #511).
This attribute is 'off' by default, so most of the deployments, even if they do not use virtual attributes, are paying the cost of virtual attribute
Describe the solution you'd like
A first possibility is to set 'nsslapd-ignore-virtual-attrs: on' when there is no virtual attributes.
389-ds server defines virtual attributes with 'cos' and 'role' plugins. If there is cos/role definitions and if there is no custom plugin, then set 'nsslapd-ignore-virtual-attrs: on'.
This should be detected at startup and also requires cos/role plugin to enable the flag if a new definition comes in.
A second possibility is too have healthcheck, detecting the same (no cos/role definitions and no custom plugin)
A third possibility is to set 'nsslapd-ignore-virtual-attrs: on' by default and turn it on when a virtual attribute is inserted (other than 'dummyAttr').
Version-Release number of selected component (if applicable):
Steps to Reproduce:
By default vattr are lookup
By default vattr should not be lookup
Third option is not possible. The third option is to initialize ignore-vattr=True and set it on the fly to 'False" if a vattr is registered. The problem is that role plugin is enabled by default and registers 'nsrole'. So by default ignore-vattr would always be return to 'False.
Fix pushed upstream => POST