feat: Add user_dn_hash field to improve User::getFromDBbyDn performance #16096
Conversation
|
Please note that there is currently an issue with the database migration tests from version 0.80 using MyISAM and virtual columns under MySQL. |
|
Are we sure a new PHP extension is really to be required? Anyway, it should not be in bugfixes; and not only in composer.json |
ext-hash is an old extension that was included in php 7.4. However, if I don't add the extension to the composer.json, On reflection, this doesn't seem to be the right method. You can add the function to the whitelist in the |
I'm not sure is can really be used for an exploit; we can also use We rely on some |
Regarding the bugfixes/main debate, this change is introduced because the current So IMO this is kinda a bugfix and it would be best to stay on the 10.0.11 target (as long as we can drop the new ext requirement). |
If it's part of php core since 7.4; then it's certainly OK to add it - I've not checked (and I do not really know how to) |
Anyway, I do not know if we have to add a check GLPI side; composer.json will only be used on development, not from release archive. |
|
Regarding the issues: 1) Composer hash It seems @cedric-anne already encountered the issue and fixed in directly in composer require checker : maglnet/ComposerRequireChecker#399 Maybe it was not fixed completely and we should open an issue on their side ? 2) Unsupported index on virtual fields for Mysql + Myisam Should we fallback to a "real" field or can we make an exception for this ? |
Switching to InnoDB is not yet mandatory, we cannot change this is a bugfixes version. |
Yeah I expect that of course, but maybe the error should not be flagged as an issue ? It wont make anything worse for users on myisam while it will improve speed for anyone else. (Can we still drop myisam for GLPI 10.1 tho ?) |
I think it would be easier to use a "concrete" field than fixing the CI to handle this case. But if you find an easy way to activate the index only if user uses InnoDB at the migration time, without changing too many things on the CI env, I guess it would be OK.
We should probably, and I would like to do it, but it is not yet done and not sure we would have time to do this. |
There was a problem hiding this comment.
I guess we'll have to stick to a normal field then (sadly).
@ccailly can you rework the field into a concrete field ?
ccailly
force-pushed
the
fix/optimize-user-getFromDBbyDn-with-sha2-index
branch
2 times, most recently
from
e1a2286 to
9e037be
Compare
ccailly
force-pushed
the
fix/optimize-user-getFromDBbyDn-with-sha2-index
branch
from
9e037be to
08268b5
Compare
|
@trasher I rebased on main as you asked yesterday but I don't see your issue in the PR thread anymore. Should I keep main on target or switch back to bugfixes? |
|
keep in main for now, once approved we'll see where it will go with @cedric-anne and @orthagh |
|
Please also add unit tests; this should not be too hard. |
ccailly
force-pushed
the
fix/optimize-user-getFromDBbyDn-with-sha2-index
branch
from
08268b5 to
c7da5cf
Compare
fix(auth-ldap): unset user_dn_hash for sql insert feat(composer.json): add ext-hash to required PHP extensions Revert "feat(composer.json): add ext-hash to required PHP extensions" This reverts commit 370b4f4. chore: Update ComposerRequireChecker config to whitelist hash function Revert "chore: Update ComposerRequireChecker config to whitelist hash function" This reverts commit 8e3cdc9. fix: use md5 algo and drop virtual key usage
trasher
force-pushed
the
fix/optimize-user-getFromDBbyDn-with-sha2-index
branch
from
c7da5cf to
9fc18ac
Compare
Co-authored-by: Cédric Anne <[email protected]>
…ce (glpi-project#16096) * feat(user): optimize User::getFromDBbyDn() by adding user_dn_hash fix(auth-ldap): unset user_dn_hash for sql insert feat(composer.json): add ext-hash to required PHP extensions Revert "feat(composer.json): add ext-hash to required PHP extensions" This reverts commit 370b4f4. chore: Update ComposerRequireChecker config to whitelist hash function Revert "chore: Update ComposerRequireChecker config to whitelist hash function" This reverts commit 8e3cdc9. fix: use md5 algo and drop virtual key usage * Apply suggestions from code review Co-authored-by: Cédric Anne <[email protected]> * refactor(user): Update user_dn_hash directly in pre_addInDB/pre_updateInDB * test(user): Ensure user_dn_hash is emptied when user_dn is set to empty or null --------- Co-authored-by: Cédric Anne <[email protected]>
…ce (glpi-project#16096) * feat(user): optimize User::getFromDBbyDn() by adding user_dn_hash fix(auth-ldap): unset user_dn_hash for sql insert feat(composer.json): add ext-hash to required PHP extensions Revert "feat(composer.json): add ext-hash to required PHP extensions" This reverts commit 370b4f4. chore: Update ComposerRequireChecker config to whitelist hash function Revert "chore: Update ComposerRequireChecker config to whitelist hash function" This reverts commit 8e3cdc9. fix: use md5 algo and drop virtual key usage * Apply suggestions from code review Co-authored-by: Cédric Anne <[email protected]> * refactor(user): Update user_dn_hash directly in pre_addInDB/pre_updateInDB * test(user): Ensure user_dn_hash is emptied when user_dn is set to empty or null --------- Co-authored-by: Cédric Anne <[email protected]>
Description:
This PR introduces a new field
user_dn_hashin theglpi_userstable. This field is a virtual field that is generated by hashing theuser_dnfield. This change is aimed at improving the performance of queries that involve theuser_dnfield by using the hashed value instead.Changes:
ext-hashto the required PHP extensions incomposer.jsonandcomposer.lockto avoid soft dependency issues.user.phpininstall/migrations/update_10.0.10_to_10.0.11/to add theuser_dn_hashfield and its index to theglpi_userstable.glpi-empty.sqlto include theuser_dn_hashfield and its index in theglpi_userstable creation statement.getFromDBbyDnmethod inUser.phpto use theuser_dn_hashfield for the database query.AuthLdap.phpto unset theuser_dn_hashfield in theduparray.