get_domain_user_groups() improvement.

Andrew Bartlett abartlet at
Fri Sep 24 22:12:46 GMT 2004

On Sat, 2004-09-25 at 01:27, Volker.Lendecke at SerNet.DE wrote:
> On Wed, Sep 22, 2004 at 11:55:16PM -0400, Igor Belyi wrote:
> > If I understand philosophy behind Samba correctly (which I doubt) its 
> > passwd/group/host databases are supposed to be maintained independently 
> > of where local system keeps its own corresponding databases.

> To be honest, I don't believe that this internal structure of Samba 3 will
> fundamentally change anymore. We might add performance optimizations here and
> there, but the major cleanup of Samba 3 code that is necessary sooner or later
> is called Samba 4.

In the past, we have had a parameter 'ldap trust ids'.  It was pulled
out, but I would like to see it introduced again 'guarding' changes such
as the ones we discussed, to solve the performance issues for the
standard sites running our recommended configurations.  

Currently, Samba 3.0.3 and above are unusable at my site, simply because
we have a 1000 user database (and very frequent domain logons)!  This
happens because for some reason the WinXP clients want to know the
members of the 'domain admins' group, and the current code does of all
things a 'getent passwd' against the entire LDAP directory, because NSS
doesn't provide a call for finding users with primary GIDs.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list