3.0: access to listing groups/speed of listing users

Andrew Bartlett abartlet at samba.org
Mon Apr 7 00:40:59 GMT 2003


On Mon, 2003-04-07 at 05:10, Dariush Forouher wrote:
> Hi,
> 
> I've successfully set up group mapping in LDAP, but I experience one
> problem: Only root can get a list of groups from samba.
> If I try this with an ordinary user, I get an empty list of groups
> through win2k security settings or an error message through usrmgr ("Der
> Stub erhielt falsche Daten").
> 
> smbd logs this:
> 
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_open(435)
>   ldapsam_open: cannot access LDAP when not root..
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_retry_open(509)
>   Connection to LDAP Server failed for the 1 try!
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2567)
>   LDAP search failed: Insufficient access
> [2003/04/06 19:54:12, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2629)
>   Unable to open passdb
> [2003/04/06 19:54:12, 1] rpc_server/srv_samr_nt.c:load_group_domain_entries(305)
>   load_group_domain_entries: pdb_enum_group_mapping() failed!
> 
> If I define NO_LDAP_SECURITY in pdb_ldap.c, win2k and `net rpc group`
> display the groups (but I hope there is another solution besides enabling
> such a dangerous-sounding switch ;).
> Usermgr displays them too, but ordinary users now cannot view the
> details of a user or a group ("Access denied...").

Yes, we need to work on this.

> Another thing:
> usrmgr needs about 5 sec. to display about 800 users & groups.
> Win2k (security settings of a file) needs nearly 30 secs until it has
> the complete list! log.smbd shows that samba is fetching the users list
> _five_ times for win2k against one time for usrmgr. This is a really
> large difference, so are there any possibilities to reduce the duration?

Try adding indexes to your ldap directory.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net