make 'ldap trust ids' the default?

Andrew Bartlett abartlet at
Sat Nov 2 07:37:01 GMT 2002

I've just committed a patch that adds a new 'ldap trust ids' smb.conf

Currently defaulting to off, this option allows pdb_ldap to use the ldap
server directly to determine if a user 'exists' in unix.

This gives us a performance boost, particularly on enumerations: 
(Removes the extra lookup per record).  

The logic is such that if there are no posixAccount attributes for a
user, we try getpwnam(), it's just that we look in LDAP first.

As such, do people think we should have this by default?  

This was a fix to solve some particular problems that metze had, and
I'll see if I can get some feedback on exactly how much this helps.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list