[Samba] Ldap performance

Bruno Gimenes Pereti pereti at ump.edu.br
Fri Sep 3 14:24:24 GMT 2004 

Hi Paul,

>>>> >Another thing that may be slowing the ldap is that I need to use
>>>> scope >=sub
>>>> >in my ldap.conf to find users and computers:
>>>> So you're saying that in your ldap.conf you have things configured like 
>>>> so?
>>>> nss_base_passwd        dc=homelan,dc=com,dc=br?sub
>>>
>>>
>>> With the correct indexes and enough RAM it shouldn't really matter.
>>>
>>
>> Yes I have this in my ldap.conf:
>>
>> nss_base_passwd         dc=ump,dc=edu,dc=br?sub
>> nss_base_shadow         dc=ump,dc=edu,dc=br?sub
>> nss_base_group          ou=groups,dc=ump,dc=edu,dc=br?one
>> nss_base_hosts          ou=computers,dc=ump,dc=edu,dc=br
>>
>> I didn't change that yet because I like the idea of keeping computers and 
>> users separated.
>
> That isn't actually what you're doing by setting nss_base_hosts. 
> Basically you're configuring ldap to look for dns information in 
> ou=Computers.
> The idea of putting hosts and users in different places as far as samba is 
> concerned is a different beast.  Samba requires hosts to have a standard 
> unix user account, ldap doesn't really know the difference since samba 
> searches for a general posix account in the passwd scope.
>
> Let me know if that's confusing, it seems like it probably is but I don't 
> have my good explaining head on yet.

My fault, I didn't explained what mean. I have users in 
"ou=Users,dc=homelan,dc=com,dc=br?sub" and computers in 
"ou=Computers,dc=homelan,dc=com,dc=br?one".
To make it work this way I need to have

nss_base_passwd         dc=ump,dc=edu,dc=br?sub
nss_base_shadow         dc=ump,dc=edu,dc=br?sub

in ldap.conf or else samba will not find the computers accounts. If I had 
users and computers in ou=Users I could have

nss_base_passwd         ou=Users,dc=ump,dc=edu,dc=br?one

and I read (don't remember where) that this would make a big difference. I 
like my tree the way it is now, and it would be a hard work to move it all. 
I'd prefer to resolve this problem with the indexes configuration.

Thank's

Bruno.

More information about the samba mailing list