[PATCH] Make the Samba AD DC multi-process
abartlet at samba.org
Mon Nov 28 17:55:06 UTC 2016
On Mon, 2016-11-28 at 17:05 +1300, Andrew Bartlett wrote:
> On Mon, 2016-11-21 at 17:01 +1300, Andrew Bartlett wrote:
> > On Fri, 2016-10-14 at 20:01 +1300, Andrew Bartlett wrote:
> > >
> > > G'Day,
> > >
> > > Attached is a WIP set of patches to make Samba connect to ldb
> > > faster,
> > > for the @ATTRIBUTES load, used until we can read the full schema.
> > >
> > > This avoids some O(n^2) behaviour for the 600 attributes in the
> > > default
> > > schema, which was taking 5% of the time to run a simple
> > > ldbsearch.
> > >
> > > Please consider, but don't push until I run the beachmarks.
> > Attached is some work in progress to do this, and to allow the LDAP
> > and
> > NETLOGON server to be multi-process.
> > This breaks the RPC protocol by not checking the assoc_group when
> > we
> > accept a bind to the NETLOGON rpc server in the AD DC.
> > It also breaks the current link between the lsarpc services and
> > netlogon, which currently allow a bind on either pipe to access
> > these
> > services.
> > I've tried to make that all as generic as possible.
> > Please comment. I don't plan to push this without coming back to
> > the
> > list.
> > To address the cost of the additional processes, particularly for
> > LDAP,
> > we hope to have some improvments to talloc() to make short-lived
> > child
> > processes less costly at exit() time.
> I would appreciate comments on the attached patch set. It includes
> foreshadowed improvements to talloc.
> I would like to get at least the non-controversial parts of this into
> Samba soon.
I'll get some perf numbers once I'm in the office, but this set passed
a full autobuild.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical