facing very slow authentication responses from samba4, urget help needed

Andreas Oster aoster at novanetwork.de
Tue May 22 23:57:20 MDT 2012 

Am 22.05.2012 22:12, schrieb Matthieu Patou:
> On 05/22/2012 10:05 AM, Andreas Oster wrote:
>> Am 22.05.2012 11:14, schrieb Andreas Oster:
>>> Am 22.05.2012 10:08, schrieb Matthieu Patou:
>>>> On 05/22/2012 12:35 AM, Andreas Oster wrote:
>>>>> Am 22.05.2012 09:27, schrieb Matthieu Patou:
>>>>>> On 05/21/2012 10:23 PM, Andreas Oster wrote:
>>>>>>> Hello Matthieu,
>>>>>>>
>>>>>>> I have managed to improve responsiveness of the mail clients by
>>>>>>> reducing the LDAP queries from Postfix. Actually there had been
>>>>>>> an error in my config which resulted in a lot of useless querries.
>>>>>>> But even with the reduced amount of queries it is not fast, compared
>>>>>>> to the Windows server and I can see high CPU utilization by the
>>>>>>> samba process whenever a LDAP query is done.
>>>>>>>
>>>>>> Do you have any idea of the queries that are done ?
>>>>> what do you mean ?
>>>> do you know which LDAP queries your postfix is now doing ?
>>>>
>>>> Matthieu
>>>>
>>> Hello Matthieu,
>>>
>>> I will test this evening and send you the logs.
>>>
>>> best regards
>>>
>>> Andreas
>>>
>> Hello Matthieu,
>>
>> this is the ldap queries when sending a mail from test account:
>>
>> ldb: ldb FULL SEARCH:
>> (&(!(isDeleted=TRUE))(&(objectclass=person)(otherMailbox=test at novanetwork.de)))
>>
>> SCOPE: sub DN: ou=HQ,dc=novanetwork,dc=loc
>>
>> ldb: ldb FULL SEARCH:
>> (&(!(isDeleted=TRUE))(&(objectclass=person)(|(mail=test at novanetwork.de)(otherMailbox=test at novanetwork.de))))
>>
>> SCOPE: sub DN: ou=HQ,dc=novanetwork,dc=loc
>>
>> so only two ldap requests for each sent mail.
> No two non indexed search, you might have more than 2 LDAP queries the
> best way to see all the queries is to make a tcpdump trace from postfix
> to samba.
> But still here you have 2 non indexed searches.
> 
> So the first question is how big is your installation (ie. how many
> computers, users, contacts), the second is are you ok to change your
> schema to index the non indexed attributes ?
> 
> Matthieu.
> 
Hello Matthieu,

we have about 40 Computers and maybe 50 Users accounts, no contacts.

Would there be a negative impact if we would modify the indexing
behavior by changing the schema ?

Thanks

best regards

Andreas

More information about the samba-technical mailing list