getent passwd timeouts on samba 3.5.1

Jeremy Allison jra at
Wed Aug 18 18:15:32 MDT 2010

On Wed, Aug 18, 2010 at 03:10:01PM -0700, Nagaraj Shyam wrote:
> Hi All.
> I am using samba server 3.5.1 on SUSE Linux Enterprise Server 10
> (x86_64).  Id map backend is configured to be a ldap server.  The # of
> users in the windows domain is upwards of 10000.  I almost always see
> "getent passwd" timeout after listing the "passwd" entries for about a
> thousand users after a clean start (nothing in tdb files, nothing in
> ldap backend database).  Sometimes it lists none at all.  Repeat
> commands of "getent passwd" progressively list 250 more users.  wbinfo
> -i is flakey as well - it is a hit or miss if it can list the user
> information.
> progress.
> .....
> Is the above area being looked at currently or is there a plan to
> enhance the above in the future?

Yes, in 3.6.x this has been made asynchronous.

However, the underlying problem is the nss interfaces on UNIX.
They're broken. Imagine a dirctory server with millions of
user or computer objects. The "enumerate" concept, using
getpwent() to iterate through all available users, if
fundamentally broken in this environment. There's a reason
that modern Windows uses "search" methods, not "enumerate"
methods, when looking up

What underlying problem are you trying to solve ? Which
application actually needs to enumerate all available users
or groups ? What I'd recommend is look into the fundamental
problem you're trying to solve by enumerating all users,
and fix that.


More information about the samba-technical mailing list