sysdb: consolidate ldb writes in sysdb_add_basic_group()#8666
sysdb: consolidate ldb writes in sysdb_add_basic_group()#8666alexey-tikhonov wants to merge 1 commit intoSSSD:masterfrom
Conversation
alexey-tikhonov
added
backport-to-sssd-2-9
Performance
sysdb_add_basic_group() now accepts optional extra_attrs that are merged into the ldb_add message. This lets sysdb_add_incomplete_group() and sysdb_add_group() include all attributes in a single ldb_add instead of doing ldb_add followed by ldb_modify via sysdb_set_group_attr(). Per group this eliminates an ldb_modify on the main cache, the preceding ldb_search diff-check, and an ldb_modify on the timestamp cache. Assisted-By: Claude Code (Opus 4.6)
alexey-tikhonov
force-pushed
the
sysdb_add_incomplete_group-again
branch
from
e93b79b to
2ee255f
Compare
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors group creation in the sysdb layer by allowing sysdb_add_basic_group to accept extra attributes, streamlining operations in sysdb_add_group and sysdb_add_incomplete_group. Feedback suggests replacing the hardcoded SYSDB_POSIX check with a dynamic check for existing attributes in the ldb_message to prevent failures caused by duplicate single-valued attributes.
| if (strcmp(extra_attrs->a[i].name, SYSDB_POSIX) == 0) { | ||
| continue; /* already added */ | ||
| } |
There was a problem hiding this comment.
Instead of hardcoding a check for SYSDB_POSIX, it is safer and more robust to check if the attribute already exists in the ldb_message. This prevents duplicate elements for all attributes added earlier in the function (such as name, objectCategory, gidNumber, and createTimestamp), which would otherwise cause ldb_add to fail for single-valued attributes.
if (ldb_msg_find_element(msg, extra_attrs->a[i].name) != NULL) {
continue; /* already added */
}There was a problem hiding this comment.
This is intentional.
There should be no other duplicates.
Checking everything will consume CPU cycles and might hide logic errors / bugs introduced later.
alexey-tikhonov
added
coverity
|
Note: Covscan is clean. |
1 participant
sysdb_add_basic_group() now accepts optional extra_attrs that are merged into the ldb_add message. This lets sysdb_add_incomplete_group() and sysdb_add_group() include all attributes in a single ldb_add instead of doing ldb_add followed by ldb_modify via sysdb_set_group_attr().
Per group this eliminates an ldb_modify on the main cache, the preceding ldb_search diff-check, and an ldb_modify on the timestamp cache.