| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We can't assume that a rec_ptr will come back from a tdb traverse with
alignment sufficient for a pointer.
|
|
When we get an indexing failure we want a clear error message
|
|
- The outside API contains "DN" string arguments: Bad. Since in this way we
fully rely on the outside calls regarding the right DN format. Solution: Use
always a "struct ldb_dn" entry. Since this one is interchangeable and we can
handle it in our preferred way.
|
|
- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
to be more powerful (added a second length check and do both before the string
comparison)
|
|
|
|
The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
|
|
|
|
|
|
We may have modified index objects in the in-memory index tdb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
first list
Intuitively you would think it couldn't be longer than the minimum of
the two lists, but we are deliberately allowing for duplicates at this
level of the indexing code, which means the result can be longer
|
|
This gets rid of the @IDXPTR approach to in-transaction indexing,
instead using an in-memory tdb to hold index values during a
transaction. This also cleans up a lot of the internal indexing logic,
hopefully making it easier to understand.
One of the big changes is in memory management, with a lot more use
made of talloc tricks to avoid copying dn lists, and shortcuts used to
avoid high intersection and union calculation costs.
The overall result is that a re-provision on my laptop goes from 48s
to a bit over 10s.
|
|
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
|
|
This add --show-binary to ldbsearch. When this flag is set, binary
blobs will be shown as-is, instead of base64 encoded. This is useful
for some XML encoded attributes, and will also be used as part of some
NDR print formatting for attributes like repsTo.
|
|
|
|
|
|
When a attribute is marked unique we know that if we find a match
it will be the only possible match. This means that in a list of
subtrees connected by an &, it is best to first load the index values
for the unique entries, as if they find something then we know we
won't have to look any further.
This helps with searches like this:
(&(objectclass=user)(samaccountname=tridge))
the old code would first have loaded the very large index for the
objectclass=user attribute, and then loaded the single entry for
samaccountname=tridge. Now we load the samaccountname=tridge entry
first, notice that it gives us a single result, and stop, thereby
skipping the load of the objectclass=user index record completely.
|
|
When a attribute is marked as LDB_ATTR_FLAG_UNIQUE_INDEX then attempts
to add a 2nd record that has the same attribute value for this
attribute as another record will fail.
This provides a much more efficient mechanism for ensuring that
attributes like objectGUID are unique
|
|
one-level indexing was not always effective due to some broken logic
in the indexing code. This change means that if normal indexing fails,
we can still fall back on one-level indexing.
This reduces the number of full unindexed searches in s4 quite a lot
|
|
In some code paths ltdb_context was still referenced even after we were returned
an error by one of the callbacks. Because the interface assumes that once an
error is returned the ldb_request may be freed, and because the ltdb_context was
allocated as a child of the request, this might cause access to freed memory.
Allocate the ltdb_context on ldb, and keep track of what's going on with the
request by adding a spy children on it. This way even if the request is freed
before the ltdb_callback is called, we will safely free the ctx and just quietly
return.
|
|
do not reference it from ldb.h
|
|
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
|
|
|
|
It changes some "return 0" in "return LDB_SUCCESS"
|
|
This also asserts that it is used only for index records.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
ldb indexing can cause huge files, and huge memory usage. This
experiment allows us to keep indexes in memory during a transaction,
then to write the indexes to disk when the transaction completes. The
result is that the db is much smaller (we have seen improvements of
about 100x in file size) and memory usage during large transactions is
also greatly reduced
Note that this patch uses the unusual strategy of putting pointers
into a ldb (and thus into a tdb). This works because the pointers are
only there during a transaction, so the pointers are not exposed to
any other users of the database. The pointers allow us to avoid some
really bad allocation problems with tdb record allocation during the
re-indexing.
|
|
re-indexing in ldb is triggered on any modification to the @ATTRIBUTES
or @INDEXLIST records. This happens to produce a worst-case
fragmentation of the database, as all @INDEX records are deleted then
re-created. By repacking after re-indexing we ensure that the database
ends up without extreme fragmentation.
|
|
|
|
(This used to be commit 3c058f50cc3b91d540feb51fb698d90565b2b7c9)
|
|
(This used to be commit d62f2bcc85c13605c133db250e0a86d2d6ccc481)
|
|
Andrew Bartlett
(This used to be commit 0016231edd514e8db620bafc44ce877fcac19ed9)
|
|
Subclass support was designed to avoid needing to spell out the full
list of objectClasses that an entry was in. However, Samba4 now
enforces this restriction in the objectClass module, and the way
subclass matching was handled was complex and counter-intuitive in my
opinion (and did not match LDAP).
Andrew Bartlett
(This used to be commit f5ce04b904e14445a2a7e7f92e7e1f64b645c6f2)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
|
|
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
|
|
(This used to be commit 1093875d59f1ea9b8bd82277d4f9d8366e584952)
|
|
This is a 1 to 1 convertion, next step is to make this
code report an error if the basedn is not used, hopefully
avoiding an explicit search on the base object in the most
common cases.
(This used to be commit 50534c84b4577b2d32565a74a4716088f706bfea)
|
|
This was there since 2005...
metze
(This used to be commit 393e4eeb82df8017eb0afb526f4d723cf8814311)
|
|
to traverse the whole tdb and unpack each record
metze
(This used to be commit 492c79de13eab8db6079f880a8f0857dc7a29fa8)
|
|
to a ldb_schema_syntax struct.
the default attribute handler is now registered dynamicly as "*"
attribute, instead of having its own code path.
ldb_schema_attribute's can be added to the ldb_schema given a
ldb_schema_syntax struct or the syntax name
we may also need to introduce a ldb_schema_matching_rule,
and add a pointer to a default ldb_schema_matching_rule
in the ldb_schema_syntax.
metze
(This used to be commit b97b8f5dcbce006f005e53ca79df3330e62f117b)
|
|
To activate it you must modify the @INDEXLIST object adding
the attribute @IDXONE: 1
Ldb test included
Simo.
(This used to be commit ea111795f4016916473ccc05d23c6655e6af1207)
|
|
(This used to be commit a2520bcfa918977f2139a963e9817370789cf077)
|
