[Samba] Re: samba w/ ldap - groups scalability and performance

Adam Tauno Williams adam at morrison-ind.com
Wed Sep 22 10:32:36 GMT 2004

> I have a suggestion.  I think you can partition off the groups by 
> putting them in sub OU's of your groups OU.

Yes, and you could partition those OUs across servers.
> Alternatively you could use some Balanceing Domain Controllers with 
> disconnected authentication. This entails setting up Balanceing Domain 
> Controllers, each with a local LDAP slave server. Makeking everything 
> local (replicated from the main LDAP server) for each of your BDC's 
> should improve performance as you can then have several machines 
> answering requests for groups without them haveing to constantly query 
> the main LDAP server.

Yes, and a BDC without its own replica sort of takes the B out of BDC.

If you have sufficient RAM have you tried using a proxy backend,  then the
redundant group lookups are simply cached and fed back to the client.

> > I am having problems with samba and ldap as concerns groups.  We have 
> ...
> > perhaps only those groups where the user is a member?

