[Samba] LDAP access problem

Tue Dec 9 21:57:16 GMT 2003

Hi,

My Samba-3.0.0 is configured as PDC. I've joined a W2k wks on this domain and everything works perfectly.
However, when I try to add ACL on a file or directory located on the server, the display of the 1700 users and 570 groups take a while (20-30 sec), the slapd process use about 90% of CPU.

In the slapd.conf 

index objectClass pres,eq
index uidNumber eq
index gidNumber eq
index cn        pres,sub,eq
index sn        pres,sub,eq
index uid       pres,sub,eq
index displayName       pres,sub,eq
index sambaSID  eq
index sambaPrimaryGroupSID      eq
index memberUid eq
index sambaDomainName   eq
index default   sub

I've already made tests with different values on the dbcachesize and cachesize parameter but without improvement.

in the log file for the W2k workstation :

[2003/12/09 17:45:22, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gid
Number=1004))]
[2003/12/09 17:45:22, 0] lib/smbldap.c:smbldap_open(799)
  smbldap_open: cannot access LDAP when not root..
[2003/12/09 17:45:22, 1] lib/smbldap.c:smbldap_retry_open(888)                  
  Connection to LDAP Server failed for the 1 try!
[2003/12/09 17:45:22, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (Insuff
icient access)ldapsam_search_one_group: Query was: ou=groups,o=chc,c=be, (&(obje
ctClass=sambaGroupMapping)(gidNumber=1004))

Is those entries normal ? And how to improve the response time of the LDAP server ?

See you,

Raphaël