3.0: access to listing groups/speed of listing users

Dariush Forouher dariush at forouher.de
Sun Apr 6 19:10:03 GMT 2003


I've set up successfully group mapping in LDAP, but I experience one
problem: Only root can get a list of groups from samba.
If I try this with an ordinary user, I get an empty list of groups
through win2k security settings or an error message through usrmgr ("Der
Stub erhielt falsche Daten").

smbd logs this:

[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_open(435)
  ldapsam_open: cannot access LDAP when not root..
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_retry_open(509)
  Connection to LDAP Server failed for the 1 try!
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2567)
  LDAP search failed: Insufficient access
[2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2629)
  Unable to open passdb
[2003/04/06 19:54:12, 1] rpc_server/srv_samr_nt.c:load_group_domain_entries(305)
  load_group_domain_entries: pdb_enum_group_mapping() failed!

If I define NO_LDAP_SECURITY in pdb_ldap.c, win2k and `net rpc group`
display the groups (But I hope there is another solution beside enabling
such a dangerous sounding switch ;).
Usermgr displays them too, but ordinary users now cannot view the
details of an user or a group ("Access denied...").

Another thing:
usrmgr needs about 5 sec. to display about 800 users&groups.
Win2k (security settings of a file) needs nearly 30 secs until it has
the complete list! log.smbd shows that samba is fetching the users list
_five_ time for win2k against one time for usrmgr. This is a really
large difference, so are here any possibilities to reduce the durage?

PGP Fingerprint: 0x886C99A1

More information about the samba-technical mailing list