stopping ldap requests for file ownership

elshaa tblanchin at
Thu Jan 29 18:04:51 GMT 2009


In a development environment, I have a samba server + LDAP backend sharing
files over several web servers. To simplify the whole setup, the samba
server has these directives:
    force user = www
    force group = www

This server has nsswitch LDAP setup. BUT the www user and group exist
locally:
    (passwd) www:x:600:600:Webmaster:/home/www:/bin/bash
    (group) www:x:600:

and my /etc/nsswitch is configured for the system to go look in the files
first:
    passwd:     files ldap
    shadow:     files ldap

Now, each and every single time a file is opened, an ldap request is
performed. It looks like this:
    SRCH base="ou=groups,o=egroup,dc=ldap" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=600))" attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass"
    RESULT err=0 tag=101 nentries=0 etime=0

You can see the request is even useless as no entry is found.

I guess this is samba doing that for some reason.
The problem is that most developers use dev tools like Zend that
continuously scan the shared folders to look for modifications, and the
continuous requests overload my ldap server.

I tried several things:
 * iptables rules to limit request rates, but this became a mess as regular
requests got rejected too.
 * nscd, but for some reason it doesn't cache this kind of request
 * tweaking my ldap server's cache system (FDS), which decreased load a
little, but not enough.

Is there a way to disable what samba is trying to do?
Thank you very much!

More information about the samba-technical mailing list
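
Added example, not part of the original post: a Python script that measures how much of a directory server's search load comes from lookups like the one quoted in the message, by pairing each SRCH with its RESULT and counting searches that return nentries=0. The `[time] conn=N op=N` line prefix is an assumption about the access-log layout, and the sample log (including the `uid=alice` search) is constructed.

```python
import re
from collections import Counter

# Constructed sample log. The "[time] conn=N op=N" prefix is an assumed
# access-log layout; the post itself shows only the SRCH/RESULT parts.
# The sambaGroupMapping filter and base DN are the ones quoted in the post.
SAMPLE_LOG = '''\
[29/Jan/2009:18:04:50 +0000] conn=7 op=41 SRCH base="ou=groups,o=egroup,dc=ldap" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=600))" attrs="gidNumber sambaSID"
[29/Jan/2009:18:04:50 +0000] conn=7 op=41 RESULT err=0 tag=101 nentries=0 etime=0
[29/Jan/2009:18:04:50 +0000] conn=9 op=3 SRCH base="ou=people,o=egroup,dc=ldap" scope=2 filter="(uid=alice)" attrs="uid"
[29/Jan/2009:18:04:50 +0000] conn=7 op=42 SRCH base="ou=groups,o=egroup,dc=ldap" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=600))" attrs="gidNumber sambaSID"
[29/Jan/2009:18:04:50 +0000] conn=9 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[29/Jan/2009:18:04:50 +0000] conn=7 op=42 RESULT err=0 tag=101 nentries=0 etime=0
[29/Jan/2009:18:04:51 +0000] conn=7 op=43 SRCH base="ou=groups,o=egroup,dc=ldap" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=600))" attrs="gidNumber sambaSID"
[29/Jan/2009:18:04:51 +0000] conn=7 op=43 RESULT err=0 tag=101 nentries=0 etime=0
'''

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (SRCH|RESULT) (.*)')
FILTER_RE = re.compile(r'filter="([^"]*)"')
NENTRIES_RE = re.compile(r'nentries=(\d+)')

def empty_search_counts(log_text):
    """Return {filter: (searches with nentries=0, total searches)}."""
    pending = {}                      # (conn, op) -> filter awaiting its RESULT
    total, empty = Counter(), Counter()
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        if m.group(3) == "SRCH":
            f = FILTER_RE.search(m.group(4))
            if f:
                pending[key] = f.group(1)
            continue
        flt = pending.pop(key, None)  # None: RESULT of a non-search operation
        n = NENTRIES_RE.search(m.group(4))
        if flt is None or n is None:
            continue
        total[flt] += 1
        if n.group(1) == "0":
            empty[flt] += 1
    return {f: (empty[f], total[f]) for f in total}

if __name__ == "__main__":
    counts = empty_search_counts(SAMPLE_LOG)
    for flt, (e, t) in sorted(counts.items(), key=lambda kv: -kv[1][0]):
        print(f"{e:6d} empty / {t:6d} total  {flt}")
```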