Broadening the scope of the negative connection cache

Gerald (Jerry) Carter jerry at
Tue May 13 14:43:21 GMT 2008

Hash: SHA1

Volker Lendecke wrote:

> While there -- can we move the idmap cache there as well?
> What that would do: smbd could also put stuff in there. This
> is really necessary for people having ACLs and "hide
> unreadable". For each file we have to translate the gids to
> sids. This basically took down a PDC's LDAP server of a
> customer of mine. No winbind around, just smbd.

Hmm....not sure I'm initially as supportive of that idea.  But I'll
think on it and maybe convince myself differently.

Why can't they run winbindd?  Internally smbd has a sid/uid/gid
cache.  Maybe that should be in gencache.  But I'd like to keep
Winbindd's idmap cache separate.

PS: I do believe that Winbind's idmap cache needs to be cleaned
up.  For example, caching the forward and reverse map entries
should be in a single transaction.

cheers, jerry
- --
Samba                                    -------
Likewise Software          ---------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list