X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=KjxlzQILpYPhu0HnlzcCh3adLhiVCwSJMZD/lKtcworYAx1Iprui7
	pyuxZIo1NKDvO7SuQYpMJeCoC7uSzFqTOZww3g8bEmVb4RhkAz2UVSf+lEZ15x67
	MPiBcybOiN7leXgFj8c2XYWNgrTwkmkl1scA6jAsW0SYNGszzl9Nmk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=rFaeGc5/nsZUIqLPcDLst04prmI=; b=b7ikDlGOkNPU+RseM/xJQ5kPsS+R
	aDpqq12yu8CY/D0ydtI1tKckmr5oKS1ar0qsQfGPb66ZVJ105JOSGG89AFK40+l/
	+6zT4YbICrkueFJdqQLGSMKBM1cCC2r4vYR8TV19DzIBqx2SGYmL7GM8TEo72oI8
	MX44nCOmRCDLxls=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00,SPAM_BODY1 autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 23 Feb 2015 18:47:09 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: TEST RELEASE: Cygwin 1.7.35-0.3
Message-ID: <20150223174709.GB26549@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20150220102927 DOT GR26084 AT calimero DOT vinschen DOT de> <6695-1424465180-282140 AT sneakemail DOT com> <20150223111721 DOT GH437 AT calimero DOT vinschen DOT de> <9116-1424712152-918733 AT sneakemail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="Fba/0zbH8Xs+Fj9o"
Content-Disposition: inline
In-Reply-To: <9116-1424712152-918733@sneakemail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--Fba/0zbH8Xs+Fj9o
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 23 10:22, John Hein wrote:
> Corinna Vinschen corinna-cygwin-at-cygwin.com |cygwin_ml_nodigest| wrote =
at 12:17 +0100 on Feb 23, 2015:
>  > Come to think of it, it's probably really just slow.  The difference
>  > between mkpasswd/mkgroup for domain accounts:
>  >
>  > 1.7.33:
>  >
>  >   Calls NetUserEnum/NetGroupEnum,NetLocalGroupEnum with maximum Buffer
>  >   size.
>  >
>  > 1.7.34+:
>  >
>  >   Calls an LDAP enumerator fetching 100 SIDs per call.
>  >   For each SID:
>  >     Call LookupAccountSid.
>  >     For each User:
>  >       Depending on nsswitch.conf, call LDAP to fetch the extended pass=
wd
>  >       info (pw_shell, pw_home, pw_gecos).
>  >
>  > I guess there's some room for improvement.
>  >
>  > OTOH, keep in mind that you're not suppsoed to call mkpasswd/mkgroup
>  > to enumerate your entire organization.  If you're using it at all, then
>  > only to create the required entries in /etc/passwd and /etc/group for
>  > your local acocunt to work, and then leave everything else to the "db"
>  > setting.
>=20
> Fair enough.  I'll stop stress testing mkpasswd and consider this
> closed unless there's something we want to try.
>=20
> But 1.7.33 seems much faster (if you can call 50 minutes fast) at it
> than 1.7.34-6 or 1.7.35-0.3 in this large-ish AD.  Maybe a knob to
> specify buffer size and/or some other knobs might help identifying the
> slowest parts (and/or some stats).  Just a thought.

I'll have a look into improving the stuff for sure.  I think this
requires to limit the number of LDAP calls in the first place.  Rather
then fetching SIDs only, the enumerator should fetch all required account=
=20
information immediately, so the number of LDAP calls will be

  #accounts / 100 =3D=3D 80

rather than the today's

  #accounts 100 + #accounts =3D=3D 8080.

The extra 8000 LookupAccountSid calls would go away, too.

> I'll add that the 1.7.34-6 'strace mkpasswd -d' that I had started
> above finished in 20+ hours and spewed ~3500 of ~8000 entries.

It may be a restriction on your server.  There're often settings
limiting the number of calls per client.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--Fba/0zbH8Xs+Fj9o
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU62edAAoJEPU2Bp2uRE+gWR4P/3svyIAW+SqNT0SC+prlupZ5
0oSJSEYJ8UYSWx+feWRRq5Blh8BKf89ATP4C8IGUGZn5iFgoFCEE4ltqhXbZbUrp
BLpKiL039gE21nZc3S2WR1eSsQuiprumkGm9N23EduZGf6NS01qa2fQF3+LeFdcp
a9VYcyQyfDAd8GvEWM+kZerulztOyxCytTWkk7WYpbnK0x7eBQoW5q/ZGYKAyZPy
0cULl86A0EsPCLuHCGlmNiRMEIabRoXpjkneqEWodZVPjURzokGVrYjyvP5EfRwY
6TMi4fLIRjdD4TS0lfZE4E8/5mHM1825hw7krkZXll1NnONxTfROpJaQKrGBOhh5
43TIY0q03BUI7dT0Rl/C1gC+9tuDJ+9ofbwoHWdqa0khOLlqBwBcMic3NrTSRsig
w0DECJG1NMm/jwbtVxzmT+PNGYcsC40FTzmrNYx/iABcNvf4N5bRD0CoZ/UloCfu
keNLrtyyR3lfznPdBlNBCnj+X2zBL7jYmRB+wyXV/n3tnlRdYgGuQQYpvHZlL8e9
ToB5eNxmenzOB1xqRYEjul79wxOfxp1bDeCgHFzyHVIg80BbmgBMw+enXfqP4A0x
LFaHD8kVnUPvnT76LJI90tBVg7Sakyx11TUTtyY2x8nzPNHGY7tWDSdxaHOqt68D
UOQMnf8G3UWny8Q1z2jY
=8Qz6
-----END PGP SIGNATURE-----

--Fba/0zbH8Xs+Fj9o--