tight loop in tdb_find()
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon May 25 10:17:18 GMT 2009
On Mon, May 25, 2009 at 08:03:46PM +1000, tridge at samba.org wrote:
> > We need to fill in the server affinity with net ads join and then use it
> > in winbindd later.
>
> If that information is important, why is it put in gencache? Perhaps
> it should be in secrets.tdb?
>
> > That would add a lot of complexity to gencache...
>
> yep, and I'd certainly prefer to use one of the two simpler options,
> but if the concensus is that transactions would be too slow, and that
> TDB_CLEAR_IF_FIRST is unacceptable then we are left with no choice
> except the additional complexity I think.
>
> I don't think we can just continue to hope the corruption isn't too
> bad. We really could end up with pretty much anything in gencache, and
> it is even possible this could be a security hole for some of the
> information stored in gencache.
>
> So shall I just add transactions and wait for the speed complaints, or
> does someone else think we should go for the 2 level cache?
If possible, can you remove the idmap cache from
gencache.tdb again if you use transactions on gencache?
Logging into a fresh server with a large token will
definitely hurt. The idmap cache was moved to gencache to
avoid roundtrips from smbd into winbind, but this might turn
out to be the wrong decision now.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090525/e9ca98ae/attachment.bin
More information about the samba-technical
mailing list