[Samba] Re: ldap filter and man page
indorama at rad.net.id
Fri Jan 23 04:27:41 GMT 2004
* "Gerald (Jerry) Carter" <jerry at samba.org> nulis:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Andrew Bartlett wrote:
> > Naturally, this just means you need to give nss_ldap the same ldap base
> > DN to search under as samba is using. Naturally, if nss_ldap only looks
> > under ou=people, then it's not going to work, but I set my base dn to
> > just 'dc=hawkerc,dc=net', and carry the minor cost of a possible search
> > against other ou's that might not contain accounts.
> Right. And my only point is that for large directories this
> cost can be non-zero. So IMO we need to redisgn the LDAP suffix and
> searches in Samba altogether to be more localized and efficient.
Thats correct, even I did not implement samba yet, but under high traffic on my email system, it can easily killing my openldap.
IMO nss_ldap ldap queries is unefficient, so I'm bypassing any pam call whenever possible (not possible with samba I think).
But putting machine account under same container as user account is also umm..., not elegant :-)
More information about the samba