access idmap cache directly from smbd

simo idra at
Tue Aug 26 20:07:53 GMT 2008

On Tue, 2008-08-26 at 13:03 -0700, Jeremy Allison wrote:
> On Sat, Aug 16, 2008 at 12:18:00PM +0200, Volker Lendecke wrote:
> > Hi, Jerry & Simo!
> > 
> > Attached find two patches that make smbd directly access the
> > idmap cache.
> > 
> > It does widen the interface between smbd and the Samba
> > implementation of winbind, but I think it is fully
> > compatible with alternative implementations of libwbclient
> > like the Likewise one.
> > 
> > It will speed up Samba operation, because it gets rid of a
> > considerable amount of roundtrips to winbind, in particular
> > together with the third patch that increases the default
> > positive cache timeout to a week.
> > 
> > If this is not acceptable upstream, we need to discuss a
> > separate tdb-based idmap cache for smbd only. I have
> > customers where the LDAP server is running at its total
> > limit, because they have "hide unreadable" set together with
> > many files and Posix ACLs. With every user pressing "f5" in
> > a directory, we look up hundreds of gids against LDAP, one
> > after the other.  This is a significant performance problem
> > in my situation, and I would like to get a relief upstream.
> Ok, I've pushed the idmap cache move and the cache
> timeout increase for 3.3 as they're obvious goodness.
> I'm going to work on the smbd read access to the new
> cache next.

I still do not agree to increase the time to a full week.
I'd prefer a few hours a day at most, but up to you.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Senior Software Engineer at Red Hat Inc. <simo at>

More information about the samba-technical mailing list