[Samba] ldap machine suffix fixed?
beast at beantransactions.com
Thu Dec 16 09:39:21 GMT 2004
Tomasz Chmielewski wrote:
> Beast wrote:
>> Jim C. wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> Did ldap machine suffix ever get fixed so that it can be in a sperate
>>> container from ldap user suffix?
>> Is there any problem to be fix on samba side? I've been using separate
>> container for machine without any problem ( almost 8 months now)
> Yes, there was a problem, and maybe still is.
> You are using separate containers for users and machines, because you
> probably search for them in the whole LDAP tree.
Yes. I did not specify filter on pam/nss_ldap. However the limitation is
coming from nss_ldap not samba.
> On systems with lots of machines and users this can lead to a bottleneck
> (searching for machines first in users, then in machines etc., instead
> of in machines only, and in users only if looking for users).
You can still use 1 dedicated (slave) ldap server for each samba server
as I do on my setup or using nscd to cache passwd, group etc.
More information about the samba