[Samba] Re: ldap filter and man page

Beast indorama at rad.net.id
Fri Jan 23 04:27:41 GMT 2004

* "Gerald (Jerry) Carter" <jerry at samba.org> nulis:

> Hash: SHA1
> Andrew Bartlett wrote:
> > Naturally, this just means you need to give nss_ldap the same ldap base
> > DN to search under as samba is using.  Naturally, if nss_ldap only looks
> > under ou=people, then it's not going to work, but I set my base dn to
> > just 'dc=hawkerc,dc=net', and carry the minor cost of a possible search
> > against other ou's that might not contain accounts.
> Right.  And my only point is that for large directories this
> cost can be non-zero.  So IMO we need to redisgn the LDAP suffix and 
> searches in Samba altogether to be more localized and efficient.

Thats correct, even I did not implement samba yet, but under high traffic on my email system, it can easily killing my openldap.
IMO nss_ldap ldap queries is unefficient, so I'm bypassing any pam call whenever possible (not possible with samba I think).
But putting machine account under same container as user account is also umm..., not elegant :-)


More information about the samba mailing list