[PATCH] pdb_ldap: Use lp_ldap_group_suffix

Christof Schmitt christof.schmitt at us.ibm.com
Tue Jul 10 14:42:35 MDT 2012

Volker Lendecke <Volker.Lendecke at sernet.de> wrote on 07/09/2012 10:02:12 

> On Mon, Jul 09, 2012 at 11:20:00PM +0200, Michael Adam wrote:
> > Well, this is essentially the revert of
> > 91a8cb851e1919a337310e2c699d8fcf76a55060:
> > 
> > "Fix bug #6431 - local groups from 3.0 setups no longer found."
> > (Search for groups without group suffix, group suffix is only
> > used for new entries.)
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=6431
> > 
> > So we can't simply revert that if we still want to
> > support older installations.
> > 
> > We could force the use of some form of "upgrade-provision" for
> > older installations.
> Well, for pdb_ldap there is no way for an upgrade-provision.
> We do not control the user's LDAP trees the same way S4
> controls the AD tree.
> Christof, what is your exact performance problem? As Andrew
> pointed out, it should be possible to configure the LDAP
> tree so that this is not a problem.

I do not have the information about the exact performance
problem. The request for this change was made to me since it is
possible to configure "ldap group suffix" and "ldap user suffix",
but those are not used for searching. There is some worry that
this affects performance, but i don't have any data. I will
respond to the request and recommend to create the indexes on the
LDAP server.


Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)

More information about the samba-technical mailing list