Hi,
I'm wondering whether we should be indexing the ghost users attribute.
Currently we are not.
In general, the ghost attribute is quite similar to the memberuid
attribute and I'm trying to see if the balance between the speed
benefits of having the attribute indexes vs the cost of indexing are
worth it.
The ghost attribute is used on a couple of places. Most prominent are:
* nss responder - when the responder is gathering the list of users
who are members of a group, the members are the combined values of
memberUID and ghost attributes. Here we just check an element of
the group object, no search that includes the "ghost" attribute is
performed.
* LDAP provider - whenever a user is saved or deleted, the sysdb
is searched for any "ghost" entries with value equal to user's name
Which means saving or deleting a user triggers a search that
includes the ghost attribute.
* LDAP provider - when a group is saved and its members are not
resolved yet, a ghost entry is saved instead. I don't see us
searching using the ghost attribute there.
I suspect that indexing would only speed up the situation where we refer
to the ghost attribute in a search filter, right?
Then I suspect we wouldn't gain much by indexing the attribute, but I
wanted to check with the list anyway.
Thanks!