speed problem with 'valid users' and nss_ldap
mhaverka at kcp.com
mhaverka at kcp.com
Fri Nov 8 20:02:01 GMT 2002
We are using Samba 2.2.6 at our site on Solaris 8 in conjunction with
nss_ldap from padl.com. We often use the "valid users" option in our
smb.conf to restrict access to a given share to members of a certain group.
This causes the "get_users_in_group" function in lib/util_getent.c to use
getgrent to enumerate the entire list of groups. This is extremely slow
with nss_ldap (about 3 minutes for us).
Looking at the code for "get_users_in_group," I see that there is a "fast"
path for winbindd users that uses "getgrnam", and a "slow" path for
everyone else that uses "getgrent." Is there any reason why the "fast"
path can't be uses all the time? I made this change to the code here, and
I solved my problem. Is there any reason I should not do this? Is there
any reason this shouldn't be changed in the Samba source?
Michael Haverkamp
IT System Engineer (Sr.)
Honeywell Federal Manufacturing & Technologies
More information about the samba-technical
mailing list