[Samba] samba w/ ldap - groups scalability and performance
Marlys Nelson
Marlys.A.Nelson at uwrf.edu
Sun Sep 19 17:11:32 GMT 2004
Paul Gienger wrote:
>
>> in the logs. This is correct because I'm no longer allowing samba to
>> find the users primary group. It's not clear to me yet that this is
>> really a problem as nothing's been noticed. But, it does concern me,
>> plus it's extra noise in the log files.
>
>
> Now you could fix that by making everyone's primary group some group
> that is defined for the purpose of making samba shut up, but then you'd
> run into this nice issue that using secondary groups in samba with an
> LDAP backend on recent patchlevels is broken.
We use LDAP for many applications, not just samba, for example, login to a
unix host. And, all our permissions are based upon the idea that a user has
their own group. This would be a very large change to our infrastructure that
I don't want to undertake if there's another way.
I did however consider this originally though, but I guess I'm not sure a
single LDAP group with 14,000 members is going to be manageable or scalable
either.
I thought the secondary groups problem was only with Solaris 9, at a specific
patch level? We are using Solaris for file servers but not the PDC and we are
only at Solaris 8. Have I misunderstood the secondary groups problem?
> As a more helpful note, how does using nscd affect your performance issues?
As far as I know, it doesn't. We are running it. However, it's my
understanding that nscd only cache's info that the OS would request via system
calls such as getgrent(), getgrgid(), getgrnam() or initgroups(). Samba makes
it's own LDAP calls directly.
BTW: any app that uses getgrent() exhibits this same behavior. Our mail app
(cyrus) did that and caused our LDAP server to die under the load as well. We
had to go with a similar 'restrict the groups' ldap configuration.
--
Marlys A. Nelson Sr. Network Specialist
Information Technology Services Network Services
University of Wisconsin - River Falls 715/425-4357
410 South Third Street Email: Marlys.A.Nelson at uwrf.edu
River Falls WI 54022 http://www.uwrf.edu/
More information about the samba
mailing list