3.0: access to listing groups/speed of listing users
Dariush Forouher
dariush at forouher.de
Sun Apr 6 19:10:03 GMT 2003
Hi,
I've set up successfully group mapping in LDAP, but I experience one
problem: Only root can get a list of groups from samba.
If I try this with an ordinary user, I get an empty list of groups
through win2k security settings or an error message through usrmgr ("Der
Stub erhielt falsche Daten").
smbd logs this:
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_open(435)
ldapsam_open: cannot access LDAP when not root..
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_retry_open(509)
Connection to LDAP Server failed for the 1 try!
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2567)
LDAP search failed: Insufficient access
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2629)
Unable to open passdb
[2003/04/06 19:54:12, 1] rpc_server/srv_samr_nt.c:load_group_domain_entries(305)
load_group_domain_entries: pdb_enum_group_mapping() failed!
If I define NO_LDAP_SECURITY in pdb_ldap.c, win2k and `net rpc group`
display the groups (But I hope there is another solution beside enabling
such a dangerous sounding switch ;).
Usermgr displays them too, but ordinary users now cannot view the
details of an user or a group ("Access denied...").
Another thing:
usrmgr needs about 5 sec. to display about 800 users&groups.
Win2k (security settings of a file) needs nearly 30 secs until it has
the complete list! log.smbd shows that samba is fetching the users list
_five_ time for win2k against one time for usrmgr. This is a really
large difference, so are here any possibilities to reduce the durage?
ciao
Dariush
--
PGP Fingerprint: 0x886C99A1
More information about the samba-technical
mailing list