Restrict Winbind enumeration to specific OU?
Gerald (Jerry) Carter
jerry at samba.org
Fri Oct 20 13:20:21 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Justin Maggard wrote:
> From what I've seen, using winbind in a large
> corporate ADS environment tends to lead to a lot of
> memory and CPU usage, which can be pretty
> hardon an old system or an embedded system running
> Samba. In many situations, it would be nice to
> be able to limit winbind to one or more
> specific OUs. Has any work been done to this end?
I used to think this was a good idea. But after you
think about, one realizes that it won't work in general
if you restrict both users and groups. Perhaps we could get
around by only restricting users to an OU. But no one
has tried yet that I know.
In general, disabling 'winbind enum {users,groups}' lessens
much of the pain in large environments.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFOM0VIR7qMdg1EfYRAtfYAJ41VKF7iR4/TygrLhnzHddUnflFJgCfW5ab
Rnp697rdwksgSgKaQUT0WKk=
=dAP4
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list