[Samba] Re: samba w/ ldap - groups scalability and performance
Igor Belyi
sambauser at katehok.ac93.org
Wed Sep 22 23:56:54 GMT 2004
Igor Belyi wrote:
> Marlys Nelson wrote:
>> The PDC appears to request ALL groups from LDAP, using the search
>> (objectclass=sambaGroupMapping). In our case, this is nearly 14,000
>> entries and it can take almost 10 minutes to retrieve those from LDAP
>> when there are hundreds trying at once. Indexing doesn't help in this
>> case because samba is asking for ALL groups.
>> ...
>> Is there any way to make samba do a more targeted lookup of groups,
>> perhaps only those groups where the user is a member?
>
> I'll try to see what I can do.
Ok, here's a patch which changes get_domain_user_groups() to use newly
introduced pdb interface method: enum_user_groups(). Basically, it's
just cut&paste from enum_group_mapping() functions.
Login in my home network does not trigger get_domain_user_groups() to be
called but requests to list user groups does and it returns the correct
result (so at least this patch does not break anything).
Marlys, according to your post get_domain_user_groups() _is_ triggered
during login at your site therefore you should see the improvements
introduced by this patch _if_ listing of all groups during login was the
reason for your performance degradation. Plus, you probably have better
setup to test this patch.
Let me know if it helps,
Igor
More information about the samba
mailing list