Univention Bugzilla – Bug 54699
Improve performance of UDM REST API
Last modified: 2023-06-20 20:43:53 CEST
The speed of the UDM REST API should be improved. Michael gave some ideas: Better LDAP Connection Handling: - [ ] Local connections of the UDM always via LDAPI: - saves TCP-3-way-handshake - saves TLS negotiation - larger LDAP PDUs possible - [ ] LDAPS instead of LDAP with StartTLS ext.op. - [ ] if necessary use TLSv1.3 for remote accesses - [x] persistent LDAP connection per UDM process - [ ] use proxy auth instead of individual binds MDB tuning if it's really the write accesses - [ ] various MDB parameters - [ ] Avoid over-indexing - [ ] More caching of metadata in the UDM. With this, the UDM apparently spends several round trips per UDM request.
Please make the LDAP connection target configurable → Bug 54623. In a high-load environment that enables load balancing for read operations (at the expense of issues with replication latency).
A request parameter could be to not open() objects. For users/user objects that saves a lot of time, when only simple, non-extended attributes are of interest to the client (like reading the firstname + lastname of a user). That should be the default for search operations. (Is it already?)
(In reply to Daniel Tröder from comment #2) > A request parameter could be to not open() objects. > For users/user objects that saves a lot of time, when only simple, > non-extended attributes are of interest to the client (like reading the > firstname + lastname of a user). This exists already since the beginning via ?properties=firstname&properties=username&properties=lastname. But e.g. ?properties=groups does not work because when properties are specified no open() call is done. open() has nothing to do with extended attributes. All extended attributes are available without open(). open() is only for hooks and resolving of external references. > That should be the default for search operations. (Is it already?) No it's not and we shouldn't change the default.