CVS update: samba/source/passdb

Tim Potter tpot at
Mon Nov 27 04:56:09 GMT 2000

Gerald Carter writes:

> This is actually a big performance hit.  Tim, we need to 
> revist the dependencies here.  Look at 
> construct_default_printer_sdb() 
> if (!lookup_name( "Printer Administrators", &owner_sid, &name_type) &&
> 	!lookup_name( "Administrators", &owner_sid, &name_type) &&
> 	!lookup_name( "Administrator", &owner_sid, &name_type) &&
> 	!lookup_name("root", &owner_sid, &name_type)) {
> 		sid_copy(&owner_sid, &global_sid_World);
> 	}
> }

Eeek!  This is not the correct way to look up names as it isn't
portable across non-English NT machines - just ask Mr JF
Administrateur about it.  (-:

The correct way (which also indirectly solves this lookup
problem) is to construct a sid using global_sam_sid and append a
well known RID value from rpc_misc.h:

DOMAIN_USER_RID_ADMIN for the administrator user
DOMAIN_GROUP_RID_ADMINS for the Administrators group

and so on.

For actual named accounts like root you will probably have to do
a lookup.

> This code (indirectly using local_lookup_name()) was making 
> it impossible to print.  I had a LDAP server providing about 
> 6,000 accounts.  Simply trying to look at the printer
> properties was impossible because of the getpwnam() calls.
> local_lookup_name() need to use sys_getpwnam().  We should 
> deal with machine accounts, but using Get_Pwnam() in 
> local_lookup_name() has some fairly large implications.

Hmm...  So why is this so slow?  Looking up individual users by
name shouldn't take that long.  My experience has been that the
only killer is when an application does a set/get/endpwent()


More information about the samba-technical mailing list