[PATCH] bug 11259 - get smbd to use winbindd to prime the netsamlogon and name2sid caches.

[Christof Schmitt]

On Wed, Sep 28, 2016 at 11:59:35AM -0700, Jeremy Allison wrote:
> On Wed, Sep 28, 2016 at 11:50:06AM -0700, Christof Schmitt wrote:
> > On Wed, Sep 28, 2016 at 11:28:47AM -0700, Jeremy Allison wrote:
> > > On Wed, Sep 28, 2016 at 09:01:15PM +0300, Uri Simchoni wrote:
> > > 
> > > > That would be great.
> > > > 
> > > > I haven't researched this fully and right now I have other duties to
> > > > attend to, but I see signs of fishiness with the sequence number refresh
> > > > from the parent process (I made two session setups 7 minutes apart, got
> > > > a new ldap connection opened for each one instead of reusing the
> > > > connection, with all the discovery enchilada). This could be some
> > > > consequence of my setup, or it could be a bug, which went undetected
> > > > because the sequence number from parent code path is not used often.
> > > > 
> > > > I'll be happier knowing that we don't introduce another blocking network
> > > > request in the parent.
> > > 
> > > Feel free to add this to the patchset once it's gone
> > > in if you want it.
> > 
> > This is not related to the core issue here, but just to understand what
> > is going on: Can someone point me to a reference what this sequence
> > number is and how it is used in winbindd?
> 
> Well according to Volker it's broken :-). But here is
> how it's supposed to work.
> 
> Every time an object is changed in DC a sequence number
> is updated so that other DC's in the domain can tell something has
> been changed and replication needs to be done. We use
> this as a hint that our cache is still valid (if it
> hasn't changed we don't need to refetch data from
> the DC).
> 
> Look at the function ads_USN() for how this is done
> over LDAP. There are other .sequence methods for
> different backend types (see rpc_sequence_number()
> for samr etc. etc.).

Thank you for the explanation.

Christof