[Samba] ldap machine suffix fixed?

Beast beast at beantransactions.com
Thu Dec 16 09:39:21 GMT 2004

Tomasz Chmielewski wrote:
> Beast wrote:
>> Jim C. wrote:
>>> Hash: SHA1
>>> Did ldap machine suffix ever get fixed so that it can be in a sperate
>>> container from ldap user suffix?
>> Is there any problem to be fix on samba side? I've been using separate 
>> container for machine without any problem ( almost 8 months now)
> Yes, there was a problem, and maybe still is.
> You are using separate containers for users and machines, because you 
> probably search for them in the whole LDAP tree.

Yes. I did not specify filter on pam/nss_ldap. However the limitation is 
coming from nss_ldap not samba.

> On systems with lots of machines and users this can lead to a bottleneck 
> (searching for machines first in users, then in machines etc., instead 
> of in machines only, and in users only if looking for users).

You can still use 1 dedicated (slave) ldap server for each samba server 
as I do on my setup or using nscd to cache passwd, group etc.

> Tomek



More information about the samba mailing list