diff options
| author | Günther Deschner <gd@samba.org> | 2005-01-19 16:13:26 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:59 -0500 |
| commit | 1ed62fde09f382342a396a047975fdeeea7113bb (patch) | |
| tree | 046c42700ae66b2fb30cf70a192b35ff7d5eb8d2 /source3/passdb/pdb_ldap.c | |
| parent | 8f476e5e52e4c72bbcc105bf0c4cba2c5dd3b641 (diff) | |
| download | samba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.gz samba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.bz2 samba-1ed62fde09f382342a396a047975fdeeea7113bb.zip | |
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
(This used to be commit 6394257cc721ca739bda0e320375f04506913533)
Diffstat (limited to 'source3/passdb/pdb_ldap.c')
| -rw-r--r-- | source3/passdb/pdb_ldap.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index ee0cb260e8..2cc1798d3f 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1180,33 +1180,48 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, Connect to LDAP server for password enumeration. *********************************************************************/ -static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) +static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint16 acb_mask) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; - pstring filter; + pstring filter, suffix; char **attr_list; + BOOL machine_mask = False, user_mask = False; pstr_sprintf( filter, "(&%s%s)", lp_ldap_filter(), get_objclass_filter(ldap_state->schema_ver)); all_string_sub(filter, "%u", "*", sizeof(pstring)); + machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))); + user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL)); + + if (machine_mask) { + pstrcpy(suffix, lp_ldap_machine_suffix()); + } else if (user_mask) { + pstrcpy(suffix, lp_ldap_user_suffix()); + } else { + pstrcpy(suffix, lp_ldap_suffix()); + } + + DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n", + acb_mask, suffix)); + attr_list = get_userattr_list(ldap_state->schema_ver); - rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, - attr_list, &ldap_state->result); + rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter, + attr_list, 0, &ldap_state->result); free_attr_list( attr_list ); if (rc != LDAP_SUCCESS) { DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", lp_ldap_suffix(), filter)); + DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter)); ldap_msgfree(ldap_state->result); ldap_state->result = NULL; return NT_STATUS_UNSUCCESSFUL; } - DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n", - ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - ldap_state->result))); + DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n", + ldap_count_entries(ldap_state->smbldap_state->ldap_struct, + ldap_state->result), suffix)); ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); |