[SSSD] indexing ghost users

Hi, I'm wondering whether we should be indexing the ghost users attribute. Currently we are not. In general, the ghost attribute is quite similar to the memberuid attribute and I'm trying to see if the balance between the speed benefits of having the attribute indexes vs the cost of indexing are worth it. The ghost attribute is used on a couple of places. Most prominent are: * nss responder - when the responder is gathering the list of users who are members of a group, the members are the combined values of memberUID and ghost attributes. Here we just check an element of the group object, no search that includes the "ghost" attribute is performed. * LDAP provider - whenever a user is saved or deleted, the sysdb is searched for any "ghost" entries with value equal to user's name Which means saving or deleting a user triggers a search that includes the ghost attribute. * LDAP provider - when a group is saved and its members are not resolved yet, a ghost entry is saved instead. I don't see us searching using the ghost attribute there. I suspect that indexing would only speed up the situation where we refer to the ghost attribute in a search filter, right? Then I suspect we wouldn't gain much by indexing the attribute, but I wanted to check with the list anyway. Thanks!