getent passwd timeouts on samba 3.5.1
jra at samba.org
Wed Aug 18 18:15:32 MDT 2010
On Wed, Aug 18, 2010 at 03:10:01PM -0700, Nagaraj Shyam wrote:
> Hi All.
> I am using samba server 3.5.1 on SUSE Linux Enterprise Server 10
> (x86_64). Id map backend is configured to be a ldap server. The # of
> users in the windows domain is upwards of 10000. I almost always see
> "getent passwd" timeout after listing the "passwd" entries for about a
> thousand users after a clean start (nothing in tdb files, nothing in
> ldap backend database). Sometimes it lists none at all. Repeat
> commands of "getent passwd" progressively list 250 more users. wbinfo
> -i is flakey as well - it is a hit or miss if it can list the user
> Is the above area being looked at currently or is there a plan to
> enhance the above in the future?
Yes, in 3.6.x this has been made asynchronous.
However, the underlying problem is the nss interfaces on UNIX.
They're broken. Imagine a dirctory server with millions of
user or computer objects. The "enumerate" concept, using
getpwent() to iterate through all available users, if
fundamentally broken in this environment. There's a reason
that modern Windows uses "search" methods, not "enumerate"
methods, when looking up
What underlying problem are you trying to solve ? Which
application actually needs to enumerate all available users
or groups ? What I'd recommend is look into the fundamental
problem you're trying to solve by enumerating all users,
and fix that.
More information about the samba-technical