LDB_SCOPE_ONELEVEL without full traversal?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Dec 7 09:06:29 GMT 2006
On Thu, Dec 07, 2006 at 10:21:20AM +1100, tridge at samba.org wrote:
> Sorry if I'm being dumb, but I don't understand the last part of this
> logic. Why is a SD per share a problem?
If I understand you correctly then you are proposing that we
put all registry values belonging to a registry key as
attributes to a ldb key to avoid the ONELEVEL search. From
my point of view this is sub-optimal because I would like to
follow W2k3 and put the share security descriptors as values
into the registry key lanmanserver\shares\security. If I
imagine the 5.000-share server which I've come across a
couple of months ago then finding a security descriptor for
a share would have to walk a linear list of on average 2.500
security descriptors.
I mentioned the winbind 17.000 user example because a
customer of mine has been bitten by winbind having to walk
lists of an average length of 150, so I am a bit afraid to
walk a list of 2.500 entries upon every tconX.
True, memcpy is fast, but I'm worried that walking that list
might be too slow for tconX, and my assumption was that we
have tdb exactly for this.
Please correct me if my assumptions are wrong.
Thanks,
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20061207/e787dc16/attachment.bin
More information about the samba-technical
mailing list