[Patches] Expanded group memberships on boundaries of outgoing trusts (bugs #13299, #13300, #13307)
Stefan Metzmacher
metze at samba.org
Wed Feb 28 23:21:50 UTC 2018
Hi Andrew,
>> Please review and push:-)
>
> I'll aim this at the perf testing rig, but I already have some
> concerns:
>
> The extended dn stuff is pretty performance sensitive (we need to
> ensure for replication that we always end up in the 'don't parse the DN
> case', so I will want to check those patches.
I found more bugs related to the extended_dn_store module.
In order to avoid calls I merged the FPO handling to the
extended_dn_store module and implemented all FPO enabled attributes
instead of just 'member'.
Here's the current state:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-trusts-ok
Note that
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=19b46b7c0093ee0
don't compile, but I have a fixed version locally.
> I'm also concerned about:
>
>> From 3dea1ea7d5c6c8bc95440944a7daa8336f520098 Mon Sep 17 00:00:00 2001
>> From: Stefan Metzmacher <metze at samba.org>
>> Date: Thu, 22 Feb 2018 23:24:59 +0100
>> Subject: [PATCH 08/26] dsdb:unique_object_sids: remove
>> unique_object_sids_init() and get the domain_sid during the request
>>
>> samdb_domain_sid() already has an effective cache, there's no need to
>> cache it again.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
>>
>> Signed-off-by: Stefan Metzmacher <metze at samba.org>
>> ---
>
> Yes, we have a cache, but the O(n) behaviour isn't great (at times past
> it did feature clearly in profiles, thankfully we have avoided it in a
> few key cases), so I wouldn't say it is effective.
>
> That is why that code tried for a startup-time cache.
I removed that patch as it's not strictly needed.
> Finally (and I ask this question genuinely), is this really best
> described as a last-moment bug fix? I know incredibly well the
> pressure to get features in rather than wait 6 months, but we do have
> the feature deadline rules for a reason.
For me they're just bugs to be fixed. And it's actually the
reason for having rc releases to find and fix bugs.
But I also think we don't have to block the release over this
and have it fixed later for 4.8.x or 4.9.
The WHATNEW entry for 4.8.0rc4 just won't be as exciting as it
would be with the patches:-)
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180301/617ba68f/signature.sig>
More information about the samba-technical
mailing list