[Samba] Re: ldap filter and man page

Beast indorama at rad.net.id
Fri Jan 23 07:58:05 GMT 2004

* Andrew Bartlett <abartlet at samba.org> nulis:

> This sounds like you are missing indexes, as much as any fatal flaw
> elsewhere.

Nope. All necessary attributes are indexes, cache and db are (hopefully) properly tuned.

> > IMO nss_ldap ldap queries is unefficient, so I'm bypassing any pam call 
> > whenever possible (not possible with samba I think).
> posix is a beast, but the calls are easily indexed.  How large is your
> site that is is causing problems?

Not really large actually, just around 900+ pcs. however occasionally we experience very high (mail) traffic. 
I don't think that samba will highly utilised the directory server, but I'll see... 

> > But putting machine account under same container as user account is 
> > also umm..., not elegant :-)
> Naturally, you have the option to say 'ou=people,ou=accounts... and
> ou=computers,ou=accounts' if the rest of your tree is particularly
> large, and you don't think the objectclass search restrictions will
> help.

It still use different container for people and computer, however it narrow down the entries. That would be 'perfect' solutions for those who insist to put computer account other than user accounts.
Thanks, andrew!

> Andrew Bartlett
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net


More information about the samba mailing list