Bug 15605 - Improve performance of lookup_groupmem() in idmap_ad
Summary: Improve performance of lookup_groupmem() in idmap_ad
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-14 07:46 UTC by Pavel Filipenský
Modified: 2024-04-17 14:39 UTC (History)
1 user (show)

See Also:


Attachments
4.20.patch (7.16 KB, patch)
2024-04-16 14:38 UTC, Pavel Filipenský
asn: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Filipenský 2024-03-14 07:46:19 UTC
The LDAP query of lookup_groupmem() returns all group members from AD
    even those with missing uidNumber.  Such group members are useless in
    UNIX environment for idmap_ad backend since there is no uid mapping.
    
    'test_user' is member of group "Domanin Users" with 200K members,
    only 20K members have set uidNumber.
    
    It takes more than a minute 

    $ time id test_user
    
    real    1m5.946s
    user    0m0.019s
    sys     0m0.012s

If the ldap search string filters out the users using this:

 "(&(objectCategory=user)(primaryGroupID=%u)(uidNumber=*)(!(uidNumber=0))"

   
 The time is much better:

    $ time id test_user
    
    real    0m3.544s
    user    0m0.004s
    sys     0m0.007s
    

    
======

Fix will follow.
Comment 1 Samba QA Contact 2024-04-02 13:26:04 UTC
This bug was referenced in samba master:

a485d9de2f2d6a9815dcac6addb988a8987e111c
5d475d26a3d545f04791a04e85a06b8b192e3fcf
2dab3a331b5511b4f2253f2b3b4513db7e52ea9a
f8b72aa1f72881989990fabc9f4888968bb81967
Comment 2 Pavel Filipenský 2024-04-16 14:38:53 UTC
Created attachment 18288 [details]
4.20.patch
Comment 3 Andreas Schneider 2024-04-17 10:52:46 UTC
Jule, please apply the patch to 4.20. Thanks!
Comment 4 Jule Anger 2024-04-17 13:38:23 UTC
Pushed to autobuild-v4-20-test.
Comment 5 Samba QA Contact 2024-04-17 14:39:03 UTC
This bug was referenced in samba v4-20-test:

8857cf299792f50e5917319a38d450c068fa07f4
837012983840d10488404fac2ebad07dd75a6f1c
84f82a09ffd1336bf79cffbe4caa3045aedbd16e
83da49f348921a21a22ff93ffecbd638ff004541