stoping ldap requests for file ownership
elshaa
tblanchin at gmail.com
Thu Jan 29 18:04:51 GMT 2009
Hi,
In a development environment, I have a samba server + LDAP backend sharing
files over several web servers. To simplify the whole setup, the samba
server has this directive :
force user = www
force group = www
This server has nsswitch LDAP setup. BUT the www user and group exists
locally :
(passwd) www:x:600:600:Webmaster:/home/www:/bin/bash
(group) www:x:600:
and my /etc/nsswitch is configured for the system to go look in the files
first :
passwd: files ldap
shadow: files ldap
Now, each and every single time a file is opened, an ldap request is
performed. It looks like this :
SRCH base="ou=groups,o=egroup,dc=ldap" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=600))" attrs="gidNumber
sambaSID sambaGroupType sambaSIDList description displayName cn objectClass"
RESULT err=0 tag=101 nentries=0 etime=0
You can see the request is even useless as no entry is found.
I guess this is samba doing that for some reason.
The problem is that most developers use dev tools like Zend that
continuously scans the shared folders to look for modifications, and the
continuous requests overload my ldap server.
I tried several things :
* iptables rules to limit requests rates but this becomes a mess as regular
requests got rejected too.
* nscd, but for some reason it doesn't cache this kind of requests
* tweaking my ldap server's cache system (FDS), which decreased load a
little, but not enough.
Is it a way to disable what samba is trying to do ?
Thank you very much !
--
View this message in context: http://www.nabble.com/stoping-ldap-requests-for-file-ownership-tp21732326p21732326.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list