get_domain_user_groups() improvement.

Igor Belyi sambauser at
Sun Sep 26 06:18:30 GMT 2004

Andrew Bartlett wrote:
> On Sat, 2004-09-25 at 04:13, Igor Belyi wrote:
>>Then get_memberuids() is doomed. To get the list of all users whose 
>>primary group has a particular gid you need to either have their 
>>posixAccount in LDAP to allow filter to do the work or list all users 
>>via NSS as get_memberuids() function does now.
> Unfortunately we are now so far into the 3.0 series that we can't
> realistically break any 'working' configuration, no matter how much I
> may feel it's brain-dead or otherwise ;-).  Naturally, that didn't stop
> the performance issue being introduced for correctness, but what we can
> do is guard the fix with 'ldap trust ids' (or a better name) as a
> smb.conf parameter.

Would you look at that! All 'query' backends (ldap, mysql, pgsql) has 
primaryGroupSid in their Samba user databases and this is enough to have 
the requested optimization.

The attached patch introduces yet another pdb interface method 
enum_group_prmembers to retrieve SIDs of users with the given 
primaryGroupSid. Its default implementation goes through all users as it 
was done in get_memberuids(). Implementations in ldap, mysql, and pgsql 
backends use correct filter and query.

get_memberuids() is adjusted to use this new method instead of going 
through all users all the time.

This patch is made on top of my previous patch.

I've tested it a little - group members are shown correctly and smbd 
doesn't crash.

Hope you like it. Note, no "ldap trust ids" is necessary. :o)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-3.0.7-enum_group_prmembers.patch
Type: text/x-patch
Size: 22191 bytes
Desc: not available
Url :

More information about the samba-technical mailing list