[PATCH] Remove linked attributes when objects are tombstoned
abartlet at samba.org
Fri Jul 15 20:33:42 UTC 2016
On Fri, 2016-07-15 at 00:30 +1200, Garming Sam wrote:
> Recently, we've found that linked attributes are a recurring problem
> any realistic domain. They're time consuming to deal with and parse,
> easily being one of the biggest factors for performance issues in AD.
> Fortunately, we've found one place in Samba where they are completely
> unnecessary. When objects are deleted, their linked attributes should
> removed completely and not simply marked deleted as they are
> (performing unnecessary existence checks and would contribute to
> unnecessary DRS traffic and CPU time).
> There are a number of fixes required to get this right.
> 1) Including a control to override the default 'mark as deleted'
> 2) Using the control in the repl_meta_data module as they occur
> 3) Using the control in dbcheck to cleanup any existing occurrences
> As part of the fixes, one-way links were also found to be implemented
> incorrectly. When the target of a one-way link is deleted, the link
> always displayed (with the deleted DN). We also discovered some
> around pseudo one-way links, but we don't have tests for fixes for
> yet (and it's unlikely to affect performance or have any major
Congratulations Garming on getting this into master. This is a massive
improvement, particularly in the (perhaps un-realistic) case where
users or groups are repeatedly created and deleted.
Alongside the DRS linked attribute fixes I got in earlier, this looks
to make Samba a much more practical proposition at scale!
The next task as I see it is to make similar improvements when we keep
the user and groups around.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical