[PATCH] Remove linked attributes when objects are tombstoned

Andrew Bartlett abartlet at samba.org
Fri Jul 15 20:33:42 UTC 2016

On Fri, 2016-07-15 at 00:30 +1200, Garming Sam wrote:
> Hi,
> Recently, we've found that linked attributes are a recurring problem
> in 
> any realistic domain. They're time consuming to deal with and parse, 
> easily being one of the biggest factors for performance issues in AD.
> Fortunately, we've found one place in Samba where they are completely
> unnecessary. When objects are deleted, their linked attributes should
> be 
> removed completely and not simply marked deleted as they are
> currently 
> (performing unnecessary existence checks and would contribute to 
> unnecessary DRS traffic and CPU time).
> There are a number of fixes required to get this right.
> 1) Including a control to override the default 'mark as deleted'
> behaviour.
> 2) Using the control in the repl_meta_data module as they occur
> 3) Using the control in dbcheck to cleanup any existing occurrences
> As part of the fixes, one-way links were also found to be implemented
> incorrectly. When the target of a one-way link is deleted, the link
> is 
> always displayed (with the deleted DN). We also discovered some
> oddities 
> around pseudo one-way links, but we don't have tests for fixes for
> those 
> yet (and it's unlikely to affect performance or have any major
> overall 
> impact).

Congratulations Garming on getting this into master.  This is a massive
improvement, particularly in the (perhaps un-realistic) case where
users or groups are repeatedly created and deleted.

Alongside the DRS linked attribute fixes I got in earlier, this looks
to make Samba a much more practical proposition at scale!

The next task as I see it is to make similar improvements when we keep
the user and groups around.

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list