duplicit LDAP calls

Tom Talpey tom at talpey.com
Fri Jun 18 14:02:22 UTC 2021


May I make a language suggestion on the commit title - the English
"duplicit" means deceitful, or two-faced. I believe the intended
word here is "duplicate"!

Tom.

On 6/18/2021 4:04 AM, Pavel Filipensky via samba-technical wrote:
> Here is a commit (it is part of MR 1999) that avoids duplicit LDAP searches:
> 
> https://gitlab.com/samba-team/samba/-/merge_requests/1999/diffs?commit_id=9e8a41a07dfdbb05f854f54fd6cd49022031cd3a
> 
> Before the fix 'net ads changetrustpw' issued 35 identical LDAP calls
> within ads_keytab_create_default(). It was processing only the default
> SPNs, with additional SPNs there would be even more calls. After the fix
> there is only one LDAP call.
> 
> Cheers,
> Pavel
> 
> On Wed, Jun 16, 2021 at 9:51 PM Jeremy Allison <jra at samba.org> wrote:
> 
>> On Wed, Jun 16, 2021 at 10:49:18AM +0200, Pavel Filipensky via
>> samba-technical wrote:
>>> Hi,
>>>
>>> during my learning/observation of how machine account password is
>>> changed via net ads changetrustpw I have noticed that two identical LDAP calls
>>> are done in ads_keytab_add_entry() in source3/libads/kerberos_keytab.c:
>>>
>>>         my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());
>>>
>>> ...
>>>         if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {
>>>
>>>
>>> Both ads_get_dnshostname() and ads_has_samaccountname() call
>>> ads_find_machine_acct() and trigger exactly the same LDAP search and get the
>>> same response. I guess there are more places where an unnecessary network
>>> call is done, but at least for this case it is easy to refactor the code to
>>> avoid it. Does it make sense to gain performance for possibly less
>>> structured code?
>>
>> Depends on the code changes, but yes, that does seem
>> a useful fix !
>>
>> Thanks !
>>
>>
> 
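
The refactoring pattern discussed in this thread, as an added example that is not part of the original messages and is not Samba's code: two helpers that each repeat the same directory search, next to a version that searches once and reads both attributes from the one result. Every name, the entry struct, and the sample account are constructed for illustration; the mock search only counts round trips.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one directory entry (not Samba's LDAPMessage). */
struct machine_acct {
    const char *dns_hostname;
    const char *sam_account_name;
};

static int search_count; /* number of simulated LDAP round trips */

/* Hypothetical mock of the machine-account search both helpers rely on. */
static const struct machine_acct *mock_find_machine_acct(const char *netbios)
{
    static const struct machine_acct entry = { "host1.example.com", "HOST1$" };
    search_count++;
    return strcmp(netbios, "HOST1") == 0 ? &entry : NULL;
}

/* "Before" shape: each helper issues its own search. */
static const char *dnshostname_by_name(const char *netbios)
{
    const struct machine_acct *m = mock_find_machine_acct(netbios);
    return m ? m->dns_hostname : NULL;
}

static int has_samaccountname_by_name(const char *netbios)
{
    const struct machine_acct *m = mock_find_machine_acct(netbios);
    return m != NULL && m->sam_account_name != NULL;
}

/* Returns how many searches the "before" shape needs for one keytab entry. */
int searches_before(const char *netbios)
{
    search_count = 0;
    (void)dnshostname_by_name(netbios);
    (void)has_samaccountname_by_name(netbios);
    return search_count;
}

/* "After" shape: search once, derive both answers from the same result. */
int searches_after(const char *netbios, const char **fqdn, int *has_sam)
{
    search_count = 0;
    const struct machine_acct *m = mock_find_machine_acct(netbios);
    *fqdn = m ? m->dns_hostname : NULL;
    *has_sam = m != NULL && m->sam_account_name != NULL;
    return search_count;
}
```
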


