URL: https://github.com/SSSD/sssd/pull/332 Author: sumit-bose Title: #332: sydb: index improvements Action: opened PR body: """ This patch first adds some missing attributes to the index. The most important one here is 'ghost' which is used in the backed during group lookups. Additionally the index for one-level searches @IDXONE is removed. One level searches were only used in a few places and are replace by this patch with sub-tree searches. The main reason for the removal is that maintaining the index is quite costly because it is basically a single huge blob in the underlying tdb database. Finally this patch removes the index on the objectClass attribute and adds a new index on an new attribute called objectCategory which is used instead of objectClass for all objects expect user and group. Typically user and group searches are done by name or ID attributes which are more specific then objectClass. And since most of the objects in the cache will be users and groups a search for all users or groups will be near to a full database search so that the index won't help much in this case either. The reason for removing it are the costs to manage it when there are many users or groups. Due to the index changes some search results are returned in different order. I updated the related tests so that the checks do not depend on a specific order anymore. If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database searches are indicated with a 'ldb FULL SEARCH: ...' debug message. Since there are no extra costs we might want to enable this by default with a certain debug level. Currently there are two types of un-indexed searches. Searches with '(distinguishedName=*)' in the filter are related to sub-tree deletes and '(dataExpireTimestamp<=...)' are related to refresh and cleanup tasks. Please note that '<=' and sub-string searches cannot be indexed. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/332/head:pr332 git checkout pr332