Bug 1974236 - RFE automatique disable of virtual attribute checking
Summary: RFE automatique disable of virtual attribute checking
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: 389-ds-base
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: ---
Assignee: thierry bordaz
QA Contact: RHDS QE
Whiteboard: sync-to-jira
Depends On:
TreeView+ depends on / blocked
Reported: 2021-06-21 07:29 UTC by thierry bordaz
Modified: 2021-10-21 07:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 4678 0 None open RFE automatique disable of virtual attribute checking 2021-06-21 07:31:37 UTC

Description thierry bordaz 2021-06-21 07:29:57 UTC
Description of problem:
During a SRCH, lookup for virtual attribute providers is done during evaluating a filter (against a candidate entry) and also for each returned attribute. The lookup of the virtual attribute hashtable is protected with a rwlock that creates contention, even if it is almost always free (in read). In addition the hashtable lookup is costly even if the search attribute is not present in the hashtable.

This was already detected to be an expensive component and a config attribute 'nsslapd-ignore-virtual-attrs' allows to skip virtual attribute lookup (see #511).

This attribute is 'off' by default, so most of the deployments, even if they do not use virtual attributes, are paying the cost of virtual attribute

Describe the solution you'd like
A first possibility is to set 'nsslapd-ignore-virtual-attrs: on' when there is no virtual attributes.
389-ds server defines virtual attributes with 'cos' and 'role' plugins. If there is cos/role definitions and if there is no custom plugin, then set 'nsslapd-ignore-virtual-attrs: on'.
This should be detected at startup and also requires cos/role plugin to enable the flag if a new definition comes in.

A second possibility is too have healthcheck, detecting the same (no cos/role definitions and no custom plugin)

A third possibility is to set 'nsslapd-ignore-virtual-attrs: on' by default and turn it on when a virtual attribute is inserted (other than 'dummyAttr').

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:
By default vattr are lookup

Expected results:
By default vattr should not be lookup

Additional info:

Comment 2 thierry bordaz 2021-09-06 15:21:02 UTC
Third option is not possible. The third option is to initialize ignore-vattr=True and set it on the fly to 'False" if a vattr is registered. The problem is that role plugin is enabled by default and registers 'nsrole'. So by default ignore-vattr would always be return to 'False.

Comment 5 thierry bordaz 2021-09-30 14:01:37 UTC
Fix pushed upstream => POST

Note You need to log in before you can comment on or make changes to this bug.