[Samba] Re: ldap filter and man page
Beast
indorama at rad.net.id
Fri Jan 23 07:58:05 GMT 2004
* Andrew Bartlett <abartlet at samba.org> nulis:
>
> This sounds like you are missing indexes, as much as any fatal flaw
> elsewhere.
Nope. All necessary attributes are indexes, cache and db are (hopefully) properly tuned.
>
> > IMO nss_ldap ldap queries is unefficient, so I'm bypassing any pam call
> > whenever possible (not possible with samba I think).
>
> posix is a beast, but the calls are easily indexed. How large is your
> site that is is causing problems?
>
Not really large actually, just around 900+ pcs. however occasionally we experience very high (mail) traffic.
I don't think that samba will highly utilised the directory server, but I'll see...
> > But putting machine account under same container as user account is
> > also umm..., not elegant :-)
>
> Naturally, you have the option to say 'ou=people,ou=accounts... and
> ou=computers,ou=accounts' if the rest of your tree is particularly
> large, and you don't think the objectclass search restrictions will
> help.
It still use different container for people and computer, however it narrow down the entries. That would be 'perfect' solutions for those who insist to put computer account other than user accounts.
Thanks, andrew!
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
--beast
More information about the samba
mailing list