Broadening the scope of the negative connection cache
simo
idra at samba.org
Tue May 13 15:01:33 GMT 2008
On Tue, 2008-05-13 at 09:43 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Volker Lendecke wrote:
>
> > While there -- can we move the idmap cache there as well?
> >
> > What that would do: smbd could also put stuff in there. This
> > is really necessary for people having ACLs and "hide
> > unreadable". For each file we have to translate the gids to
> > sids. This basically took down a PDC's LDAP server of a
> > customer of mine. No winbind around, just smbd.
>
> Hmm....not sure I'm initially as supportive of that idea. But I'll
> think on it and maybe convince myself differently.
>
> Why can't they run winbindd? Internally smbd has a sid/uid/gid
> cache. Maybe that should be in gencache. But I'd like to keep
> Winbindd's idmap cache separate.
>
> PS: I do believe that Winbind's idmap cache needs to be cleaned
> up. For example, caching the forward and reverse map entries
> should be in a single transaction.
We should also make the cache be readable by any winbindd process too,
so that we save some round trips, it was not done in initial design to
keep it simpler, but it is time to IMO.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the samba-technical
mailing list