duplicit LDAP calls
Pavel Filipensky
pfilipen at redhat.com
Wed Jun 16 08:49:18 UTC 2021
Hi,
during my learning/observation of how machine account password is
changed via net ads changetrustpw I have noticed that two identical LDAP calls
are made in ads_keytab_add_entry() in source3/libads/kerberos_keytab.c:
        my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());
        ...
        if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {
Both ads_get_dnshostname() and ads_has_samaccountname() call
ads_find_machine_acct() and trigger exactly the same LDAP search and get the
same response. I guess there are more places where an unnecessary network
call is done, but at least for this case it is easy to refactor the code to
avoid it. Does it make sense to gain performance for possibly less
structured code?
Cheers,
Pavel
This request is sent twice:
LDAPMessage searchRequest(7) "dc=ADDOM,dc=SAMBA,dc=EXAMPLE,dc=COM" wholeSubtree
    messageID: 7
    protocolOp: searchRequest (3)
        searchRequest
            baseObject: dc=ADDOM,dc=SAMBA,dc=EXAMPLE,dc=COM
            scope: wholeSubtree (2)
            derefAliases: neverDerefAliases (0)
            sizeLimit: 0
            timeLimit: 15
            typesOnly: False
            Filter: (samAccountName=ADMEMKEYTAB$)
                filter: equalityMatch (3)
                    equalityMatch
                        attributeDesc: samAccountName
                        assertionValue: ADMEMKEYTAB$
            attributes: 10 items
                AttributeDescription: objectClass
                AttributeDescription: SamAccountName
                AttributeDescription: userAccountControl
                AttributeDescription: DnsHostName
                AttributeDescription: ServicePrincipalName
                AttributeDescription: userPrincipalName
                AttributeDescription: unicodePwd
                AttributeDescription: msDS-AdditionalDnsHostName
                AttributeDescription: msDS-SupportedEncryptionTypes
                AttributeDescription: nTSecurityDescriptor
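
Added example, not part of the original post and not Samba code: a self-contained C sketch of the refactor the post asks about, where one search result feeds both the DNS host name and the samAccountName check. The struct, the in-memory directory, the host name value and every function here are constructed stand-ins; find_machine_acct() only models the fact that each call to ads_find_machine_acct() costs one LDAP search.

```c
#include <stdio.h>
#include <string.h>

/* Constructed directory entry and counter; stand-ins, not Samba types. */
struct entry { const char *sam; const char *dns; };
static const struct entry dir[] = {
    { "ADMEMKEYTAB$", "admemkeytab.addom.samba.example.com" }, /* constructed */
};
static int searches; /* simulated LDAP round trips */

/* Hypothetical stand-in for ads_find_machine_acct(): one search per call. */
static const struct entry *find_machine_acct(const char *machine)
{
    char sam[64];
    size_t i;
    searches++;
    snprintf(sam, sizeof(sam), "%s$", machine);
    for (i = 0; i < sizeof(dir) / sizeof(dir[0]); i++)
        if (strcmp(dir[i].sam, sam) == 0)
            return &dir[i];
    return NULL; /* no such machine account */
}

/* Before: each helper runs its own search, as the post observes. */
static const char *get_dnshostname(const char *m)
{
    const struct entry *e = find_machine_acct(m);
    return e ? e->dns : NULL;
}
static int has_samaccountname(const char *m) { return find_machine_acct(m) != NULL; }
static int searches_before(const char *m)
{
    searches = 0;
    (void)get_dnshostname(m);
    (void)has_samaccountname(m);
    return searches;
}

/* After: one search; both answers are read from the same result. */
static int searches_after(const char *m, const char **fqdn, int *has_sam)
{
    searches = 0;
    const struct entry *e = find_machine_acct(m);
    *fqdn = e ? e->dns : NULL;
    *has_sam = (e != NULL);
    return searches;
}

int main(void)
{
    const char *fqdn; int has;
    printf("before=%d\n", searches_before("ADMEMKEYTAB"));
    printf("after=%d\n", searches_after("ADMEMKEYTAB", &fqdn, &has));
    return 0;
}
```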