access idmap cache directly from smbd

Sean O'Malley omalleys at
Tue Aug 26 20:45:06 GMT 2008

I agree with Simo. An hour is reasonable.

The default nscd positive cache timeout is 1 hour.

You have a couple of things going on. First is finding stale cache is a
pain. You made the changes, and it still doesnt work. ... You get calls.

I -assume- maybe incorrectly there is no way to clear the cache the
without restarting the whole server, which with a 7 day cache timeout
means any major changes you have to restart the server which can cause
issues for people.

Also just out of curiousity how much time vs memory are we talking about
saving? At what point is it going to be faster to just look up the data
versus looking in the cache? Is there a default cache size limit?


On Tue, 26 Aug 2008, simo wrote:

> On Tue, 2008-08-26 at 13:16 -0700, Jeremy Allison wrote:
> > On Tue, Aug 26, 2008 at 04:07:53PM -0400, simo wrote:
> >
> > > I still do not agree to increase the time to a full week.
> > > I'd prefer a few hours a day at most, but up to you.
> >
> > What does making this a week hurt ?
> This is what I wrote in this thread 10 days ago.
> [...]
> On the cache timeout:
> Also the 1 full week positive caching is probably too much for a
> default, although I agree we should probably change the cache to a few
> hours and not just 15 minutes. Mapping for weeks is almost the same as
> mapping forever.
> The reason for positive mappings with a time limit is that this way
> admins that uses ldap or ad backends can change these mappings and
> expect the change to reflect in the server in a reasonable time.
> Because it is an exposed configuration option, of course any admin can
> tune it to whatever value they want, even months or years, so I'd leave
> longer periods as something to set as a local tuning.
> Of course someone could argue that being a tunable then admins that
> expect to change mappings could tune it down, but because the expiration
> time is written in the cache they would still have to wait a full week
> after they change the parameter to a lesser value, so by the time they
> realize they have to change a mapping it would be just too much with a
> default configuration and they would be forced to either stop the server
> and wipe the cache or try to manipulate it manually somehow.
> In contrast, if someone has performance problems and realize that this
> is because of excessive lookups they can easily tune up the cache time
> and they would see their change to be immediately applied as soon as the
> entry expire (15 min to a few hours depending on what we settle down
> to).
> [...]
> Simo.

  Sean O'Malley, Information Technologist
  Michigan State University

More information about the samba-technical mailing list