Loading users into a Samba AD DC using LDIF?
abartlet at samba.org
Fri Aug 18 19:47:11 UTC 2023
On Fri, 2023-08-18 at 08:59 -0700, Richard Sharpe via samba-technical
> Hi Folks,
> In testing user creation with samba-tool, I found it takes around
> tenminutes to create 10,000 users. This was with a VM but with
> realhardware we might only expect a small factor of improvement.
> Is there a way to use LDIF to load large numbers of users and
> groupsinto Samba as an AD controller?
> Of course, that might not be faster, but I am hoping.
Yes, to to avoiding the python startup overhead and being a single
transaction (matters less on SSD, the fsync() was a real cost 'back in
The minimum attributes in AD are smaller than you might expect:
from an example in testprogs/blackbox/dbcheck-links.sh
pre1,DC=samba,DC=corpobjectclass: usersamaccountname: missingsidu1
Setting passwords is more of a pain, by default unicodePwd takes the
password as UTF-16-encoded("password") with the " chars really being in
the string set!
Or you can enable userPassword support, and just set "userPassword:
password" just like any other attribute.
samba-tool forest directory_service dsheuristics 000000001
eg:(tested against a ad_dc testenv)
bin/samba-tool forest directory_service dsheuristics 000000001 -s
bin/ldbadd -H st/ad_dc/private/sam.ldbCan't load
/usr/local/samba/etc/smb.conf - run testparm to debug itdn:
objectclass: usersamaccountname: missingsidu1userPassword:
p at ssw0rd
Added 1 records successfully
I hope this helps!
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba-technical