[packages/nss_ldapd] - move broadest search condition to the end of search filter

baggins baggins at pld-linux.org
Thu Dec 12 12:59:23 CET 2013


commit ee7f95396eef0c9ead89e5d75833d4ff8bbf3cee
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Thu Dec 12 12:55:35 2013 +0100

    - move broadest search condition to the end of search filter
    
    Stupid samba4 LDAP resolves searches by the order of conditions in
    search filter. This causes very slow response times when search filter
    contains a broad condition at the beginning. Moving those to the end of the
    filter greatly improves performance with such servers and doesn't impact
    queries to other servers.

 nss_ldapd.spec         |   4 +-
 optimize-queries.patch | 314 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 317 insertions(+), 1 deletion(-)
---
diff --git a/nss_ldapd.spec b/nss_ldapd.spec
index a0961ea..f5a5ac3 100644
--- a/nss_ldapd.spec
+++ b/nss_ldapd.spec
@@ -7,7 +7,7 @@ Summary(pl.UTF-8):	Moduł NSS LDAP
 Summary(pt_BR.UTF-8):	Biblioteca NSS para LDAP
 Name:		nss_ldapd
 Version:	0.9.2
-Release:	2
+Release:	3
 License:	LGPL v2.1+
 Group:		Base
 Source0:	http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
@@ -16,6 +16,7 @@ Source1:	nslcd.init
 Source2:	nslcd.service
 Source3:	nslcd.tmpfiles
 Patch0:		%{name}-no-root.patch
+Patch1:		optimize-queries.patch
 URL:		http://arthurdejong.org/nss-pam-ldapd/
 BuildRequires:	autoconf >= 2.61
 BuildRequires:	automake
@@ -96,6 +97,7 @@ zmianę haseł i obsługę sesji.
 %prep
 %setup -q -n nss-pam-ldapd-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %{__sed} -i -e '1s|#!.*|#!%{__python}|' utils/*.py
 
diff --git a/optimize-queries.patch b/optimize-queries.patch
new file mode 100644
index 0000000..4a38d15
--- /dev/null
+++ b/optimize-queries.patch
@@ -0,0 +1,314 @@
+diff -ur nss-pam-ldapd-0.9.2/nslcd/alias.c nss-pam-ldapd-0.9.2-opt/nslcd/alias.c
+--- nss-pam-ldapd-0.9.2/nslcd/alias.c	2013-05-15 22:55:33.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/alias.c	2013-12-11 18:44:59.052879393 +0100
+@@ -69,8 +69,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    alias_filter, attmap_alias_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_alias_cn, safename, alias_filter);
+ }
+ 
+ void alias_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/ether.c nss-pam-ldapd-0.9.2-opt/nslcd/ether.c
+--- nss-pam-ldapd-0.9.2/nslcd/ether.c	2013-05-15 22:55:33.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/ether.c	2013-12-11 18:46:05.330191524 +0100
+@@ -71,8 +71,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    ether_filter, attmap_ether_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_ether_cn, safename, ether_filter);
+ }
+ 
+ static int mkfilter_ether_byether(const char *addrstr,
+@@ -82,8 +82,8 @@
+      representation (e.g. 1:0:e:...) and not with extra leading zeros
+      (e.g. 01:00:0e:...) */
+   /* there should be no characters that need escaping */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    ether_filter, attmap_ether_macAddress, addrstr);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_ether_macAddress, addrstr, ether_filter);
+ }
+ 
+ void ether_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/group.c nss-pam-ldapd-0.9.2-opt/nslcd/group.c
+--- nss-pam-ldapd-0.9.2/nslcd/group.c	2013-10-29 23:20:01.000000000 +0100
++++ nss-pam-ldapd-0.9.2-opt/nslcd/group.c	2013-12-11 18:47:22.407609074 +0100
+@@ -88,8 +88,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    group_filter, attmap_group_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_group_cn, safename, group_filter);
+ }
+ 
+ /* create a search filter for searching a group entry
+@@ -98,15 +98,16 @@
+ {
+   if (gidSid != NULL)
+   {
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
+-                      group_filter, attmap_group_gidNumber, gidSid,
++    return mysnprintf(buffer, buflen, "(&(%s=%s\\%02x\\%02x\\%02x\\%02x)%s)",
++                      attmap_group_gidNumber, gidSid,
+                       (int)(gid & 0xff), (int)((gid >> 8) & 0xff),
+-                      (int)((gid >> 16) & 0xff), (int)((gid >> 24) & 0xff));
++                      (int)((gid >> 16) & 0xff), (int)((gid >> 24) & 0xff),
++		      group_filter);
+   }
+   else
+   {
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%d))",
+-                      group_filter, attmap_group_gidNumber, (int)gid);
++    return mysnprintf(buffer, buflen, "(&(%s=%d)%s)",
++                      attmap_group_gidNumber, (int)gid, group_filter);
+   }
+ }
+ 
+@@ -124,16 +125,16 @@
+     return -1;
+   /* try to translate uid to DN */
+   if (uid2dn(session, uid, dn, sizeof(dn)) == NULL)
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                      group_filter, attmap_group_memberUid, safeuid);
++    return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                      attmap_group_memberUid, safeuid, group_filter);
+   /* escape DN */
+   if (myldap_escape(dn, safedn, sizeof(safedn)))
+     return -1;
+   /* also lookup using user DN */
+-  return mysnprintf(buffer, buflen, "(&%s(|(%s=%s)(%s=%s)))",
+-                    group_filter,
++  return mysnprintf(buffer, buflen, "(&(|(%s=%s)(%s=%s))%s)",
+                     attmap_group_memberUid, safeuid,
+-                    attmap_group_member, safedn);
++                    attmap_group_member, safedn,
++		    group_filter);
+ }
+ 
+ static int mkfilter_group_bymemberdn(const char *dn,
+@@ -144,9 +145,9 @@
+   if (myldap_escape(dn, safedn, sizeof(safedn)))
+     return -1;
+   return mysnprintf(buffer, buflen,
+-                    "(&%s(%s=%s))",
+-                    group_filter,
+-                    attmap_group_member, safedn);
++                    "(&(%s=%s)%s)",
++                    attmap_group_member, safedn,
++		    group_filter);
+ }
+ 
+ void group_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/host.c nss-pam-ldapd-0.9.2-opt/nslcd/host.c
+--- nss-pam-ldapd-0.9.2/nslcd/host.c	2013-05-15 22:55:33.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/host.c	2013-12-11 18:47:49.927877236 +0100
+@@ -71,8 +71,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    host_filter, attmap_host_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_host_cn, safename, host_filter);
+ }
+ 
+ static int mkfilter_host_byaddr(const char *addrstr,
+@@ -83,8 +83,8 @@
+   if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    host_filter, attmap_host_ipHostNumber, safeaddr);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_host_ipHostNumber, safeaddr, host_filter);
+ }
+ 
+ void host_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/netgroup.c nss-pam-ldapd-0.9.2-opt/nslcd/netgroup.c
+--- nss-pam-ldapd-0.9.2/nslcd/netgroup.c	2013-05-15 22:55:33.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/netgroup.c	2013-12-11 18:48:15.074788966 +0100
+@@ -70,8 +70,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    netgroup_filter, attmap_netgroup_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_netgroup_cn, safename, netgroup_filter);
+ }
+ 
+ void netgroup_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/network.c nss-pam-ldapd-0.9.2-opt/nslcd/network.c
+--- nss-pam-ldapd-0.9.2/nslcd/network.c	2013-05-15 22:55:33.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/network.c	2013-12-11 18:48:44.405074831 +0100
+@@ -70,8 +70,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    network_filter, attmap_network_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_network_cn, safename, network_filter);
+ }
+ 
+ static int mkfilter_network_byaddr(const char *addrstr,
+@@ -82,8 +82,8 @@
+   if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    network_filter, attmap_network_ipNetworkNumber, safeaddr);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_network_ipNetworkNumber, safeaddr, network_filter);
+ }
+ 
+ void network_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/passwd.c nss-pam-ldapd-0.9.2-opt/nslcd/passwd.c
+--- nss-pam-ldapd-0.9.2/nslcd/passwd.c	2013-10-29 19:18:20.000000000 +0100
++++ nss-pam-ldapd-0.9.2-opt/nslcd/passwd.c	2013-12-11 18:44:36.765995722 +0100
+@@ -92,8 +92,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    passwd_filter, attmap_passwd_uid, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_passwd_uid, safename, passwd_filter);
+ }
+ 
+ /* create a search filter for searching a passwd entry
+@@ -102,15 +102,16 @@
+ {
+   if (uidSid != NULL)
+   {
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
+-                      passwd_filter, attmap_passwd_uidNumber, uidSid,
++    return mysnprintf(buffer, buflen, "(&(%s=%s\\%02x\\%02x\\%02x\\%02x)%s)",
++                      attmap_passwd_uidNumber, uidSid,
+                       (int)(uid & 0xff), (int)((uid >> 8) & 0xff),
+-                      (int)((uid >> 16) & 0xff), (int)((uid >> 24) & 0xff));
++                      (int)((uid >> 16) & 0xff), (int)((uid >> 24) & 0xff),
++		      passwd_filter);
+   }
+   else
+   {
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%d))",
+-                      passwd_filter, attmap_passwd_uidNumber, (int)uid);
++    return mysnprintf(buffer, buflen, "(&(%s=%d)%s)",
++                      attmap_passwd_uidNumber, (int)uid, passwd_filter);
+   }
+ }
+ 
+diff -ur nss-pam-ldapd-0.9.2/nslcd/protocol.c nss-pam-ldapd-0.9.2-opt/nslcd/protocol.c
+--- nss-pam-ldapd-0.9.2/nslcd/protocol.c	2013-10-30 00:01:54.000000000 +0100
++++ nss-pam-ldapd-0.9.2-opt/nslcd/protocol.c	2013-12-11 18:49:25.038804255 +0100
+@@ -70,8 +70,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    protocol_filter, attmap_protocol_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_protocol_cn, safename, protocol_filter);
+ }
+ 
+ /* create a search filter for searching a protocol entry
+@@ -79,8 +79,8 @@
+ static int mkfilter_protocol_bynumber(int protocol,
+                                       char *buffer, size_t buflen)
+ {
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%d))",
+-                    protocol_filter, attmap_protocol_ipProtocolNumber, protocol);
++  return mysnprintf(buffer, buflen, "(&(%s=%d)%s)",
++                    attmap_protocol_ipProtocolNumber, protocol, protocol_filter);
+ }
+ 
+ void protocol_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/rpc.c nss-pam-ldapd-0.9.2-opt/nslcd/rpc.c
+--- nss-pam-ldapd-0.9.2/nslcd/rpc.c	2013-10-29 23:20:01.000000000 +0100
++++ nss-pam-ldapd-0.9.2-opt/nslcd/rpc.c	2013-12-11 18:49:49.615710527 +0100
+@@ -71,14 +71,14 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    rpc_filter, attmap_rpc_cn, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_rpc_cn, safename, rpc_filter);
+ }
+ 
+ static int mkfilter_rpc_bynumber(int number, char *buffer, size_t buflen)
+ {
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%d))",
+-                    rpc_filter, attmap_rpc_oncRpcNumber, number);
++  return mysnprintf(buffer, buflen, "(&(%s=%d)%s)",
++                    attmap_rpc_oncRpcNumber, number, rpc_filter);
+ }
+ 
+ void rpc_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/service.c nss-pam-ldapd-0.9.2-opt/nslcd/service.c
+--- nss-pam-ldapd-0.9.2/nslcd/service.c	2013-10-30 00:01:54.000000000 +0100
++++ nss-pam-ldapd-0.9.2-opt/nslcd/service.c	2013-12-11 18:50:43.116232199 +0100
+@@ -77,13 +77,14 @@
+   {
+     if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol)))
+       return -1;
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%s)(%s=%s))",
+-                      service_filter, attmap_service_cn, safename,
+-                      attmap_service_ipServiceProtocol, safeprotocol);
++    return mysnprintf(buffer, buflen, "(&(%s=%s)(%s=%s)%s)",
++                      attmap_service_cn, safename,
++                      attmap_service_ipServiceProtocol, safeprotocol,
++		      service_filter);
+   }
+   else
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                      service_filter, attmap_service_cn, safename);
++    return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                      attmap_service_cn, safename, service_filter);
+ }
+ 
+ static int mkfilter_service_bynumber(int number, const char *protocol,
+@@ -94,13 +95,14 @@
+   {
+     if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol)))
+       return -1;
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%d)(%s=%s))",
+-                      service_filter, attmap_service_ipServicePort, number,
+-                      attmap_service_ipServiceProtocol, safeprotocol);
++    return mysnprintf(buffer, buflen, "(&(%s=%d)(%s=%s)%s)",
++                      attmap_service_ipServicePort, number,
++                      attmap_service_ipServiceProtocol, safeprotocol,
++		      service_filter);
+   }
+   else
+-    return mysnprintf(buffer, buflen, "(&%s(%s=%d))",
+-                      service_filter, attmap_service_ipServicePort, number);
++    return mysnprintf(buffer, buflen, "(&(%s=%d)%s)",
++                      attmap_service_ipServicePort, number, service_filter);
+ }
+ 
+ void service_init(void)
+diff -ur nss-pam-ldapd-0.9.2/nslcd/shadow.c nss-pam-ldapd-0.9.2-opt/nslcd/shadow.c
+--- nss-pam-ldapd-0.9.2/nslcd/shadow.c	2013-10-06 16:59:04.000000000 +0200
++++ nss-pam-ldapd-0.9.2-opt/nslcd/shadow.c	2013-12-11 18:51:00.719737206 +0100
+@@ -77,8 +77,8 @@
+   if (myldap_escape(name, safename, sizeof(safename)))
+     return -1;
+   /* build filter */
+-  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+-                    shadow_filter, attmap_shadow_uid, safename);
++  return mysnprintf(buffer, buflen, "(&(%s=%s)%s)",
++                    attmap_shadow_uid, safename, shadow_filter);
+ }
+ 
+ void shadow_init(void)
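Review bot: In the ether.c hunk, `mkfilter_ether_byether` still formats `addrstr` into the filter without `myldap_escape`, unlike the name, address, DN and protocol values in the other hunks; the only guard is the comment "there should be no characters that need escaping". The hunk does not show where `addrstr` is produced, so this may well be safe, but since the line is being rewritten I would make the dependency explicit with a comment such as `/* addrstr must come from a fixed MAC formatter; any other source has to pass through myldap_escape() first */`, or escape it the way the byname variant does. The same question applies to `uidSid` and `gidSid` in the passwd.c and group.c hunks, which are also inserted with a bare `%s` and whose origin is not visible here. The body of `mkfilter_ether_byether` begins above the lines shown in its hunk, so an existing check there would make this moot.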
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nss_ldapd.git/commitdiff/ee7f95396eef0c9ead89e5d75833d4ff8bbf3cee


