speed problem with 'valid users' and nss_ldap

mhaverka at kcp.com mhaverka at kcp.com
Fri Nov 8 20:02:01 GMT 2002

We are using Samba 2.2.6 at our site on Solaris 8 in conjunction with
nss_ldap from padl.com.  We often use the "valid users" option in our
smb.conf to restrict access to a given share to members of a certain group.
This causes the "get_users_in_group" function in lib/util_getent.c to use
getgrent to enumerate the entire list of groups.  This is extremely slow
with nss_ldap (about 3 minutes for us).

Looking at the code for "get_users_in_group," I see that there is a "fast"
path for winbindd users that uses "getgrnam", and a "slow" path for
everyone else that uses "getgrent."  Is there any reason why the "fast"
path can't be uses all the time?  I made this change to the code here, and
I solved my problem.  Is there any reason I should not do this?  Is there
any reason this shouldn't be changed in the Samba source?

Michael Haverkamp
IT System Engineer (Sr.)
Honeywell Federal Manufacturing & Technologies

More information about the samba-technical mailing list