git.samba.org - samba.git/commit

author	Tim Beale <timbeale@catalyst.net.nz>
	Tue, 15 May 2018 21:45:32 +0000 (09:45 +1200)
committer	Garming Sam <garming@samba.org>
	Wed, 23 May 2018 08:09:10 +0000 (10:09 +0200)
commit	2fa2f132ae3de9a403b2d93d586570f59250de23
tree	60fb2eee614ede80d2d691e22f4ce775647e4e3e	tree
parent	3779367329646215065e1608ef065930b581e854	commit \| diff

dsdb: Avoid calculating the PSO multiple times

In a typical user login query, the code tries to work out the PSO 2-3
times - once for the msDS-ResultantPSO attribute, and then again for the
msDS-User-Account-Control-Computed & msDS-UserPasswordExpiryTimeComputed
constructed attributes.

The PSO calculation is reasonably expensive, mostly due to the nested
groups calculation. If we've already constructed the msDS-ResultantPSO
attribute, then we can save ourselves extra work by just re-fetching the
result directly, rather than expanding the nested groups again from
scratch.

The previous patch improves efficiency when there are no PSOs in the
system. This should improve the case where there are PSOs that apply to
the users. (Unfortunately, it won't help where there are some PSOs in
the system, but no PSO applies to the user being queried).

Also updated sam.c so the msDS-ResultantPSO gets calculated first,
before the other constructed attributes.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 23 10:09:11 CEST 2018 on sn-devel-144

source4/auth/sam.c		diff \| blob \| history
source4/dsdb/samdb/ldb_modules/operational.c		diff \| blob \| history