[Samba] Ldap performance

malte.mueller at ewetel.net malte.mueller at ewetel.net
Tue Aug 31 11:33:20 GMT 2004 

Hi,

I have very much the same Problem: 180 machines and about 3500 Accounts with
1200 active (once logged in) users. I tracked it down to the problem of slow
"group resolution". When a file oder directory is owned by a group with lots of
memberUID entries (e.g.: susers, all samba users), even ls -l slowFile takes
several seconds. If I used nscd it would time out and only respond with the
numerical groupID-number. I indexed everything important and watched for ldap
reporting non indexed attributes in the logfile. I tried to tune BDB and set the
entries cache to 10000. My process size is roughly the same as pereti's. I tried
several versions of ldap, currently 2.1.21, but nothing helped.
This is IMHO not a samba but OpenLDAP or nsswitch problem.

Sincerely,
Malte Müller

Zitat von Bruno Gimenes Pereti <pereti at ump.edu.br>:
> Hi,
> 
> I Have a PDC running Samba 3.0.4 with OpenLDAP (posix and sambaSAM). I have
> more than 1500 users and almost 200 machines in the domain. At 7 PM, when
> the students start to login in the win98, win2000 and winXP machine, it's
> impossible to change a password even with smbpasswd the linux console. When
> the server is idle, it takes me 1 minute to open the MS User Manager and see
> the property of a user.
> What should be the minimum hardware to this PDC?
> 
> Is it normal to have 36 slapd process, each using 33 MB?
> 
> Another thing that may be slowing the ldap is that I need to use scope =sub
> in my ldap.conf to find users and computers:
> 
> dc=homelan,dc=com,dc=br
>         Users
>                 students
>                 Teachers
>                 employees
>         Groups
>         Computers
> 
> the relevant part of my smb.conf:
> 
> passdb backend = ldapsam:ldap://localhost
> 
> ldap suffix = dc=homelan,dc=com,dc=br
> ldap admin dn = cn=admin,dc=homelan,dc=com,dc=br
> ldap filter = (uid=%u)
> ldap user suffix = ou=users
> ldap machine suffix = ou=computers
> ldap group suffix = ou=groups
> ldap port = 389
> ldap server = localhost
> ldap ssl = no
> ldap delete dn = yes
> ldap passwd sync = yes
> 
> admin users = administrator
> 
> ----
> 
> What I can do to make it work faster?
> 
> TIA.
> 
> Bruno Pereti
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 




--
Powered by EWE TEL

More information about the samba mailing list