Skip to content

Improve the performance when using enumeration #8395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
aplopez wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Improve the performance when using enumeration #8395

aplopez wants to merge 4 commits into from
+12 −59

Conversation

@aplopez
Copy link
Contributor

@aplopez aplopez commented Jan 21, 2026
edited
Loading

This PR includes:

  • Removal of an unused function.
  • Stop logging a possibly extremely long filter.
  • Fixes a wrong condition invalidating an optimization.
  • Adds a test case for an existing test.

Enumeration, specially when there are 15,000+ users, is slow. This fix helps, but it doesn't work miracles.
In my test environment, the enumeration went from 8 minutes to about 1.

It is important to know that, with such an amount of users, many operations time out. It is necessary to increment the timeout in[nss] and for the domain, but also set large values for ldap_enumeration_refresh_timeout and ldap_search_timeout in the domain. I used these values to avoid any timeout (YMMV):

[domain/ldap.test]
ldap_enumeration_refresh_timeout = 30000
ldap_search_timeout = 6000
timeout = 6000
...

[nss]
timeout = 6000
...

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 21, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request effectively improves performance by optimizing logging, removing an unused function, and correcting a condition related to enumeration. The changes are well-aligned with the stated goals of enhancing enumeration performance, especially for large user bases. The addition of a new test case for the general enumeration scenario ensures that the modified logic is adequately covered.

@alexey-tikhonov alexey-tikhonov self-assigned this Jan 21, 2026
@alexey-tikhonov alexey-tikhonov self-requested a review January 21, 2026 14:44
alexey-tikhonov
alexey-tikhonov reviewed Jan 22, 2026
View reviewed changes
src/db/sysdb_search.c
return ret;
}

int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
Copy link
Member

@alexey-tikhonov alexey-tikhonov Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also

db/sysdb.h:875:int sysdb_enumpwent(TALLOC_CTX *mem_ctx,

?

Copy link
Contributor Author

@aplopez aplopez Jan 22, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just removing unused code. But I have no hard feelings about it. I can remove that commit if it is better to keep this function.

Copy link
Member

@alexey-tikhonov alexey-tikhonov Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, this commit should also remove function declaration from the header.

Copy link
Contributor Author

@aplopez aplopez Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

alexey-tikhonov
alexey-tikhonov reviewed Jan 22, 2026
View reviewed changes
src/db/sysdb_search.c Outdated
DEBUG(SSSDBG_TRACE_LIBS, "Searching timestamp entries with [%s]\n",
dn_filter);

DEBUG(SSSDBG_TRACE_LIBS, "Searching timestamp entries (filter can be long)\n");
Copy link
Member

@alexey-tikhonov alexey-tikhonov Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest keeping filter but with truncation using %.ms format syntax.

Copy link
Contributor Author

@aplopez aplopez Jan 22, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Limited to 50 characters.

@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Jan 22, 2026

Mistype in the commit message: "We must look into de TS cache"

@aplopez
SYSDB: Remove unused function
8a7643e 
Function sysdb_enumpwent() is not used.
It was replaced by sysdb_enumpwent_filter().
@aplopez
NSS: Reduce a possibly extremely long log message
0172b17 
When there are too many users (17,000+) this message can be too long.
Limit it to the first 50 characters.

Resolves: SSSD#6951
@aplopez
NSS: Fix wrong condition invalidating an optimization
02269a8 
We must look into the TS cache only when a name is provided.
Using the TS cache on an unfiltered enumeration is useless.

Resolves: SSSD#6951
@aplopez
TESTS: Improve test_sysdb_enumpwent_filter
c78e8f6 
Added a case that was not checked before. It is the case
when `attr`, `attr_name` and `addtl_filter` are all `NULL`.
@aplopez
Copy link
Contributor Author

aplopez commented Jan 22, 2026

Mistype in the commit message: "We must look into de TS cache"

Fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov left review comments

@sumit-bose sumit-bose Awaiting requested review from sumit-bose

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@sumit-bose sumit-bose

@alexey-tikhonov alexey-tikhonov

Labels

backport-to-sssd-2-9 Bugzilla

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aplopez @alexey-tikhonov @sumit-bose