Sharing a 'System Read Access' LDB handle in Samba4

Andrew Bartlett abartlet at
Thu Jun 19 02:04:55 GMT 2008

I'm looking for advise on how best to share a 'system read access' ldb
handle in Samba4.

The role of this handle would be for all the processes in Samba that
acts as 'system', do not write to the database, and are invoked by
external events (ie, authentication attempts).

It seems to me that ldb takes rather a long time to start up these days,
and while a lot of this can be fixed by finding what takes the time
(like tridge's init_module discovery!), we should also avoid allowing an
external attack to do this dis-proportionate amount of work, with just a
login attempt. 

My main question is, should we just make this a global variable, stashed
away on first use like the global schema, or should it be hung off some
context (given we now have non-global loadparm).

Any thoughts?

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list