FW: Speed comp. TNG & 2.2.alpha (fwd)

Tue Feb 27 10:06:04 GMT 2001

On Tue, 27 Feb 2001, Andrew Bartlett wrote:

> Luke Kenneth Casson Leighton wrote:
> > 
> > On Fri, 23 Feb 2001, Andrew Bartlett wrote:
> > 
> > > I have around 300 users, most of who are in a 'students' primary group.
> > > There are a few groups (54 including system groups), all of which don't
> > > have very many (non-primary) members.
> > 
> > okay.  all those names are unique, yes?
> > 
> > none of the users have the same name as any of the groups, is this
> > correct?
> > 
> 
> A small number are, all RedHat private user groups.  Some are system
> groups (ie, root.root, named.named and the like).  Most users are just
> students, staff or admins.  It should'nt be that hard to add an
> exception into the code that just ignores private groups should it? 
> Also ignoring sytem users and groups shouldn't be that hard.

private groups?  what do you mean, private groups.

we added code two years ago to allow admins to map certain users and
certain groups to different nt names.

see, what i did was, if it's a user, use that.

else:

if you are a PDC, BDC or member-of-domain,

	if it's not in the alias-map-file, it's a group.

if you are a stand-alone workstation:

	if it's not in the group-map-file, it's an alias.

this allows a unix /etc/group file to be "presented" to the NT world.  i
did not add a mechanism to "disallow" certain users/groups from this view.
the search algorithm, which must resolve a name in *all* spaces - users,
groups and aliases - is known to be O(N^3).  i.e. horrible.  esp. when it
comes to looking up a user's NT group RIDs, that's particularly when you
get hammered badly, as people are finding out.

we added some code that allowed unix user lookups to be cached for short
periods of time, as this gave a speed-up in performance of a factor of
about 100 on certain unix systems.  it is disabled by default, or i may
have even removed it altogether.

the entire codebase basically needs to be trashed and rewritten, as all
existing implementations (all versions of samba) are major headache hacks
from which the correct approach has been learned but not yet implemented.

luke

 ----- Luke Kenneth Casson Leighton <lkcl at samba-tng.org> -----

"i want a world of dreams, run by near-sighted visionaries"
"good.  that's them sorted out.  now, on _this_ world..."