make 'ldap trust ids' the default?

Jean Francois Micouleau Jean-Francois.Micouleau at
Sat Nov 2 08:06:01 GMT 2002

On Sat, 2 Nov 2002, Andrew Bartlett wrote:

> I've just committed a patch that adds a new 'ldap trust ids' smb.conf
> option.
> Currently defaulting to off, this option allows pdb_ldap to use the ldap
> server directly to determine if a user 'exists' in unix.
> This gives us a performance boost, particularly on enumerations:
> (Removes the extra lookup per record).
> The logic is such that if there are no posixAccount attributes for a
> user, we try getpwnam(), it's just that we look in LDAP first.
> As such, do people think we should have this by default?

NO !

> This was a fix to solve some particular problems that metze had, and
> I'll see if I can get some feedback on exactly how much this helps.

and what's next ? Can I commit an ugly hack i'm using 'cause SCO
openserver doesn't support username longer than 8 chars ?

can't we also add a "don't check unix security at all" smb.conf parameter
that default to yes ?


More information about the samba-technical mailing list