3.0: access to listing groups/speed of listing users
abartlet at samba.org
Mon Apr 7 00:40:59 GMT 2003
On Mon, 2003-04-07 at 05:10, Dariush Forouher wrote:
> I've set up successfully group mapping in LDAP, but I experience one
> problem: Only root can get a list of groups from samba.
> If I try this with an ordinary user, I get an empty list of groups
> through win2k security settings or an error message through usrmgr ("Der
> Stub erhielt falsche Daten").
> smbd logs this:
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_open(435)
> ldapsam_open: cannot access LDAP when not root..
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_retry_open(509)
> Connection to LDAP Server failed for the 1 try!
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2567)
> LDAP search failed: Insufficient access
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2629)
> Unable to open passdb
> [2003/04/06 19:54:12, 1] rpc_server/srv_samr_nt.c:load_group_domain_entries(305)
> load_group_domain_entries: pdb_enum_group_mapping() failed!
> If I define NO_LDAP_SECURITY in pdb_ldap.c, win2k and `net rpc group`
> display the groups (But I hope there is another solution beside enabling
> such a dangerous sounding switch ;).
> Usermgr displays them too, but ordinary users now cannot view the
> details of an user or a group ("Access denied...").
Yes, we need to work on this.
> Another thing:
> usrmgr needs about 5 sec. to display about 800 users&groups.
> Win2k (security settings of a file) needs nearly 30 secs until it has
> the complete list! log.smbd shows that samba is fetching the users list
> _five_ time for win2k against one time for usrmgr. This is a really
> large difference, so are here any possibilities to reduce the durage?
Try adding indexes to your ldap directory.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030407/c08ff0f8/attachment.bin
More information about the samba-technical