get_domain_user_groups() improvement.

Igor Belyi sambauser at
Thu Sep 23 03:55:16 GMT 2004

Andrew Bartlett wrote:
> While you are at it, we also need to improve the performance of the
> 'users in this group' call.  I have the clients at my site making this
> call, much to my frustration, as it currently does a 'getent passwd'
> over the entire directory, looking for primary gids.  We should do an
> LDAP search for that information too.

Well... This is a little bit trickier since you probably refer to the 
get_memberuids() function...

If I understand philosophy behind Samba correctly (which I doubt) its 
passwd/group/host databases are supposed to be maintained independently 
of where local system keeps its own corresponding databases.

Unfortunately, with LDAP it is no more true - ldapsam too heavily 
depends on Unix users and groups being in LDAP and being represented by 
posixAccount and posixGroup. Somehow this dependance was not caried 
completely through and some passdb code still uses NSS calls to retrieve 
local user or group information showing the "independence of databases" 
spirit regardless of what backend is used.

The change I've made did not change the functionality of the call since 
it already had the "all information is in LDAP" attitude. The patch just 
made this a little bit more optimal. That why I was quite comforable 
suggesting the change.

On the other hand, suggestion for a similar change in get_memberuids() 
will require another passdb function to give up its "independance" and 
let ldapsam assume yet again that all local users and databases are in LDAP.

It would be quite helpful if somebody among real (older? more 
experienced?) Samba maintainers would explain which of the two 
directions Samba is heading.


More information about the samba-technical mailing list