s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()
author Stefan Metzmacher <metze@samba.org>
Thu, 10 Feb 2022 13:36:28 +0000 (14:36 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2022 11:13:35 +0000 (11:13 +0000)
commit b812ade416faf6e41e9def5689f9b2e21d7f718f
tree 46795a3a93d0940a932fe40093fb78c5a34ec91e
parent 4c32f46a8687e96436abd83fd212468709fadb64
s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()

During replication we may need to fall back to using DRS_GET_TGT,
which means that we'll get a lot of objects more than once,
the most important one is the partition root object.

It means we'll also do the security descriptor propagation more than
once for these objects, which is extremely costly for the partition
root objects and other objects near the root.

I analyzed a domain where we collected ~ 50000 descriptor_changes
registrations for the initial replication of ~ 22000 objects
in the database.
For that domain we spend ~ 4 hours for the security descriptor
propagation in descriptor_prepare_commit(), while the replication
itself was finished in less than 2 minutes.

With this change we reduce the number of registered/processed
descriptor_changes down to ~ 22000, while it reduces the time
from ~ 4 hours to just ~ 3 minutes 20 seconds!

The statistics changed from:

descriptor_prepare_commit: changes: num_registered=50000
descriptor_prepare_commit: changes: num_processed=50000
descriptor_prepare_commit: objects: num_processed=12000000

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/descriptor.c