duplicit LDAP calls
Pavel Filipensky
pfilipen at redhat.com
Fri Jun 18 08:04:03 UTC 2021
Here is a commit (it is part of MR 1999) that avoids duplicit LDAP searches:
https://gitlab.com/samba-team/samba/-/merge_requests/1999/diffs?commit_id=9e8a41a07dfdbb05f854f54fd6cd49022031cd3a
Before the fix 'net ads changetrsutpw' issued 35 identical LDAP calls
within ads_keytab_create_default(). It was processing only the default
SPNs, with additional SPNs there would be even more calls. After the fix
there is only one LDAP call.
Cheers,
Pavel
On Wed, Jun 16, 2021 at 9:51 PM Jeremy Allison <jra at samba.org> wrote:
> On Wed, Jun 16, 2021 at 10:49:18AM +0200, Pavel Filipensky via
> samba-technical wrote:
> >Hi,
> >
> >during my my learning/observation of how machine account password is
> >changed via net ads changetrsutpw I have noticed that two same LDAP calls
> >are done in ads_keytab_add_entry() in source3/libads/kerberos_keytab.c :
> >
> >391 环贩贩贩my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());
> >
> >...
> >400 环贩贩贩if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {
> >
> >
> >Both ads_get_dnshostname() and ads_has_samaccountname() call
> >ads_find_machine_acct() and trigger exactly same LDAP search and get the
> >same response. I guess there are more places where an unnecessary network
> >call is done, but at least for this case it is easy to refactor the code
> to
> >avoid it. Does it makes sense to gain performance for possibly less
> >structured code?
>
> Depends on the code changes, but yes, that does seem
> a useful fix !
>
> Thanks !
>
>
More information about the samba-technical
mailing list