3.0: access to listing groups/speed of listing users
Andrew Bartlett
abartlet at samba.org
Mon Apr 7 00:40:59 GMT 2003
On Mon, 2003-04-07 at 05:10, Dariush Forouher wrote:
> Hi,
>
> I've set up successfully group mapping in LDAP, but I experience one
> problem: Only root can get a list of groups from samba.
> If I try this with an ordinary user, I get an empty list of groups
> through win2k security settings or an error message through usrmgr ("Der
> Stub erhielt falsche Daten").
>
> smbd logs this:
>
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_open(435)
> ldapsam_open: cannot access LDAP when not root..
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_retry_open(509)
> Connection to LDAP Server failed for the 1 try!
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2567)
> LDAP search failed: Insufficient access
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2629)
> Unable to open passdb
> [2003/04/06 19:54:12, 1] rpc_server/srv_samr_nt.c:load_group_domain_entries(305)
> load_group_domain_entries: pdb_enum_group_mapping() failed!
>
> If I define NO_LDAP_SECURITY in pdb_ldap.c, win2k and `net rpc group`
> display the groups (But I hope there is another solution beside enabling
> such a dangerous sounding switch ;).
> Usermgr displays them too, but ordinary users now cannot view the
> details of an user or a group ("Access denied...").
Yes, we need to work on this.
> Another thing:
> usrmgr needs about 5 sec. to display about 800 users&groups.
> Win2k (security settings of a file) needs nearly 30 secs until it has
> the complete list! log.smbd shows that samba is fetching the users list
> _five_ time for win2k against one time for usrmgr. This is a really
> large difference, so are here any possibilities to reduce the durage?
Try adding indexes to your ldap directory.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030407/c08ff0f8/attachment.bin
More information about the samba-technical
mailing list