[samba] samba is killing our LDAP

Andrew Bartlett abartlet at samba.org
Wed Apr 13 21:56:43 GMT 2005

On Wed, 2005-04-13 at 09:04 -0600, John H Terpstra wrote:
> On Wednesday 13 April 2005 06:09, Andrew Bartlett wrote:
> > First, that's not Samba directly, that is nss_ldap.  Some bright bit of
> > code is doing 'getent passwd' or the equivalent.   Now, this may be
> > triggered by Samba, and if your LDAP server is internally consistent
> > (all the things Samba cares about are in ldap), then you should try
> > setting 'ldapsam:trusted = yes' in your smb.conf.  This is meant to be
> > better with current Samba3 over 3.0.11, but that version does include an
> > older version of the code.
> Andrew,
> What should I document in the HOWTO regarding the ldapsam:trusted parameter?

VL knows all the details - it's his hack, and it's an experiment at this
point.  The basic idea is this - if everything that Samba wants to know
about users (in particular the nobody user and their primary group) are
represented as LDAP objects (in addition or replacement to entries
in /etc/passwd and /etc/group), and have the appropriate Samba
attributes attached (sambaGroupMapping and sambaSamAccount) then Samba
can be much faster in the way it handles certain client lookups.  (It
can construct just one ldap query, and not refer via NSS for certain

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
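
An added example, not part of the original message and not Samba code: a pre-flight check over an LDIF export that lists the accounts and groups lacking the sambaSamAccount and sambaGroupMapping object classes named in the message. It assumes RFC 2307 posixAccount/posixGroup entries linked by gidNumber; the function names and the sample LDIF are constructed for illustration.

```python
# Added example. SAMPLE_LDIF is constructed, not taken from a real directory.
SAMPLE_LDIF = """\
dn: uid=nobody,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
gidNumber: 65534

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
gidNumber: 1000

dn: cn=nogroup,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65534

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1000
"""

def parse_ldif(text):
    """Parse simple, unwrapped 'attr: value' LDIF into dicts of value lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def trusted_gaps(entries):
    """List objects missing the Samba object classes the message names."""
    has = lambda e, oc: oc.lower() in (v.lower() for v in e.get("objectclass", []))
    mapped_gids = {g for e in entries if has(e, "sambaGroupMapping") for g in e.get("gidnumber", [])}
    gaps = []
    for e in entries:
        dn = e["dn"][0]
        if has(e, "posixAccount"):
            if not has(e, "sambaSamAccount"):
                gaps.append(f"{dn}: no sambaSamAccount")
            if not set(e.get("gidnumber", [])) & mapped_gids:
                gaps.append(f"{dn}: primary group has no sambaGroupMapping")
        elif has(e, "posixGroup") and not has(e, "sambaGroupMapping"):
            gaps.append(f"{dn}: no sambaGroupMapping")
    return gaps

if __name__ == "__main__":
    print("\n".join(trusted_gaps(parse_ldif(SAMPLE_LDIF))))
```

An empty result means every account and group in the export carries the Samba object classes the message describes.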