duplicit LDAP calls

Pavel Filipensky pfilipen at redhat.com
Wed Jun 16 08:49:18 UTC 2021


during my my learning/observation of how machine account password is
changed via net ads changetrsutpw I have noticed that two same LDAP calls
are done in ads_keytab_add_entry() in source3/libads/kerberos_keytab.c  :

391 »·······my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());

400 »·······if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {

Both ads_get_dnshostname() and ads_has_samaccountname() call
ads_find_machine_acct() and trigger exactly same LDAP search and get the
same response. I guess there are more places where an unnecessary network
call is done, but at least for this case it is easy to refactor the code to
avoid it. Does  it makes sense to gain performance for possibly less
structured code?


This request is send twice:

            LDAPMessage searchRequest(7)
"dc=ADDOM,dc=SAMBA,dc=EXAMPLE,dc=COM" wholeSubtree
                messageID: 7
                protocolOp: searchRequest (3)
                        baseObject: dc=ADDOM,dc=SAMBA,dc=EXAMPLE,dc=COM
                        scope: wholeSubtree (2)
                        derefAliases: neverDerefAliases (0)
                        sizeLimit: 0
                        timeLimit: 15
                        typesOnly: False
                        Filter: (samAccountName=ADMEMKEYTAB$)
                            filter: equalityMatch (3)
                                    attributeDesc: samAccountName
                                    assertionValue: ADMEMKEYTAB$
                        attributes: 10 items
                            AttributeDescription: objectClass
                            AttributeDescription: SamAccountName
                            AttributeDescription: userAccountControl
                            AttributeDescription: DnsHostName
                            AttributeDescription: ServicePrincipalName
                            AttributeDescription: userPrincipalName
                            AttributeDescription: unicodePwd
                            AttributeDescription: msDS-AdditionalDnsHostName
                            AttributeDescription: nTSecurityDescriptor

More information about the samba-technical mailing list