LDAP group search doesn't use filter

Bug #1177630 reported by Brandon Miles
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Adam Young

Bug Description

It doesn't look like the LDAP search for the group list is using the filter specified in the config. If you have a large group OU, the performance hit is very noticeable.

The actual method is list_user_groups in the GroupApi class. I've attached the patch we've been using in production in case that helps.

Thanks!

Revision history for this message
Brandon Miles (brandon-miles-8) wrote :
summary: - Group search doesn't use filter
+ LDAP group search doesn't use filter
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
tags: added: grizzly-backport-potential
Revision history for this message
Dolph Mathews (dolph) wrote :

Any chance you can sign the CLA and put that patch up for review? It looks fine to me as-is, other than overriding the `filter()` builtin, so I'd just write it as http://paste.openstack.org/raw/38243/

Changed in keystone:
status: New → Confirmed
Revision history for this message
Brandon Miles (brandon-miles-8) wrote :

Thanks Dolph, I'll put that patch up for review. I'll have to get it approved through our legal department first, so it may be a week or so before I can post it.

Revision history for this message
Dolph Mathews (dolph) wrote :

Appreciated!

Adam Young (ayoung)
Changed in keystone:
assignee: nobody → Adam Young (ayoung)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/40283

Changed in keystone:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/40283
Committed: http://github.com/openstack/keystone/commit/ec9b1df7042e02660b39c75ad49ac4115b8f46ad
Submitter: Jenkins
Branch: master

commit ec9b1df7042e02660b39c75ad49ac4115b8f46ad
Author: Adam Young <email address hidden>
Date: Mon Aug 5 17:00:02 2013 -0400

    filter in ldap list_groups_for_user

    Bug 1177630

    Change-Id: I46d393c5f21330c5ab13539f0358fc80b1588660

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → havana-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: havana-3 → 2013.2
Alan Pevec (apevec)
tags: removed: grizzly-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.