[Samba] samba w/ ldap - groups scalability and performance

Marlys Nelson Marlys.A.Nelson at uwrf.edu
Sun Sep 19 17:11:32 GMT 2004


Paul Gienger wrote:
> 
>> in the logs.  This is correct because I'm no longer allowing samba to 
>> find the users primary group.  It's not clear to me yet that this is 
>> really a problem as nothing's been noticed.  But, it does concern me, 
>> plus it's extra noise in the log files.
> 
> 
> Now you could fix that by making everyone's primary group some group 
> that is defined for the purpose of making samba shut up, but then you'd 
> run into this nice issue that using secondary groups in samba with an 
> LDAP backend on recent patchlevels is broken.

We use LDAP for many applications, not just samba, for example, login to a 
unix host.  And, all our permissions are based upon the idea that a user has 
their own group.  This would be a very large change to our infrastructure that 
I don't want to undertake if there's another way.

I did however consider this originally though, but I guess I'm not sure a 
single LDAP group with 14,000 members is going to be manageable or scalable 
either.

I thought the secondary groups problem was only with Solaris 9, at a specific 
patch level?  We are using Solaris for file servers but not the PDC and we are 
only at Solaris 8.  Have I misunderstood the secondary groups problem?

> As a more helpful note, how does using nscd affect your performance issues?

As far as I know, it doesn't.  We are running it.  However, it's my 
understanding that nscd only cache's info that the OS would request via system 
calls such as getgrent(), getgrgid(), getgrnam() or initgroups().  Samba makes 
it's own LDAP calls directly.

BTW: any app that uses getgrent() exhibits this same behavior.  Our mail app 
(cyrus) did that and caused our LDAP server to die under the load as well.  We 
had to go with a similar 'restrict the groups' ldap configuration.

-- 
Marlys A. Nelson                      Sr. Network Specialist
Information Technology Services       Network Services
University of Wisconsin - River Falls 715/425-4357
410 South Third Street                Email: Marlys.A.Nelson at uwrf.edu
River Falls  WI  54022                http://www.uwrf.edu/



More information about the samba mailing list