ADS grouplisting with getent fails
Martin Zielinski
mz at seh.de
Wed Apr 13 07:39:45 GMT 2005
Volker Lendecke wrote:
> Hello, Martin!
>
> On Wed, Apr 13, 2005 at 08:48:06AM +0200, Martin Zielinski wrote:
>
>>I'm facing some problems with the group and userlistings on a (quite)
>>slow machine in a huge AD Domain.
>>There are ~10000 users and ~4000 groups and several trust-relationships
>>accross europe.
>>I often need several tries to receive the listing.
>>I found, that the problem is the 30-seconds-timeout in
>>nsswitch/wb_common.c - read_sock(). Perhaps this could be handled more
>>generously?
>
>
> Yes, certainly. Right now I'm in the process of getting the enumeration
> functions in winbind trunk/ right. The main problem is that for a domain
> everything is being read in a big chunk. Although for security=ads we're using
> paged searches, the end result the user sees is the one big chunk per domain.
> This needs to and will change, although that is quite an intrusive change that
> will probably not come for 3.0.15. In the meantime you could just increase the
> timeout. Can you do that yourself, or do you want patched binaries?
>
> Volker
>
I've allready changed it to 120 seconds. Just wanted to know, if
- I'm right
- Someone else cares about this
- There are more places with such a fixed timeout that I overlooked
- There are side-effects (e.g. kerberos timeout restrictions or so...)
Thanks a lot,
Martin
--
Martin Zielinski mz at seh.de
Software Development
SEH Computertechnik GmbH www.seh.de
More information about the samba-technical
mailing list