LDAP access problem

Raphaël Berghmans rberghmans at arafox.com
Tue Dec 9 21:57:16 GMT 2003


My Samba-3.0.0 is configured as PDC. I've joined a W2k wks on this domain and everything works perfectly.
However, when I try to add ACL on a file or directory located on the server, the display of the 1700 users and 570 groups take a while (20-30 sec), the slapd process use about 90% of CPU.

In the slapd.conf 

index objectClass pres,eq
index uidNumber eq
index gidNumber eq
index cn        pres,sub,eq
index sn        pres,sub,eq
index uid       pres,sub,eq
index displayName       pres,sub,eq
index sambaSID  eq
index sambaPrimaryGroupSID      eq
index memberUid eq
index sambaDomainName   eq
index default   sub

I've already made tests with different values on the dbcachesize and cachesize parameter but without improvement.

in the log file for the W2k workstation :

[2003/12/09 17:45:22, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gid
[2003/12/09 17:45:22, 0] lib/smbldap.c:smbldap_open(799)
  smbldap_open: cannot access LDAP when not root..
[2003/12/09 17:45:22, 1] lib/smbldap.c:smbldap_retry_open(888)                  
  Connection to LDAP Server failed for the 1 try!
[2003/12/09 17:45:22, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (Insuff
icient access)ldapsam_search_one_group: Query was: ou=groups,o=chc,c=be, (&(obje

Is those entries normal ? And how to improve the response time of the LDAP server ?

See you,


More information about the samba-technical mailing list