[Samba] Samba PDC w/ LDAP & Mass Adding Users

Adam Tauno Williams awilliam at whitemice.org
Thu Jun 30 02:10:27 GMT 2005


> Now, I start the custom Perl script to mass-add users, and it adds 120
> users, and then users stop being added. smbldap-useradd returns no kind of
> error, it almost seems like it thinks it is adding the users, but they
> really aren't getting added after 120 users. The first 120 users seem
> fine. I took a look in the LDAP file, and for the remaining users, it is
> still binding, searching, but doesn't appear to actually add the user
> info:

1.) Make sure you are not using an antique version of OpenLDAP.  For
some totally incomprehensible reason most distributions (especially
RedHat derived ones) ship with very very very old versions of this
software.  SuSe does quite a bit better.
2.) You don't say what versions or backend you are using.  If you are
using a BDB or HDB backend (and you should) you need to make sure your
DB_CONFIG settings are reasonable.  If you are using an LDBM backend
then just give up.
ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdf
3.) Does the "id {username}" still work for a user after it stops
addding-for-read?  Can you perform an ldapsearch, without restarting the
DSA?

> Now, when the group is "full" like this, if I do a 'net groupmap list', I
> get a "Segmentation Fault". Also, when the group is "full", and my script
> is still trying to add users (with smbldap-useradd), stderr is spitting
> out "Segmentation Fault". nscd also seems to be dying and starting again
> after the first 120 users are added. I don't have winbindd, I've also
> disabled nscd caching.

If you've disabled ncsd caching how is nscd crashing?

> I'd appreciated any help with this!
> Also, one more question, I've noticed that for each user, a memberUid
> attribute is created inside the group. I'm assuming this is supposed to
> happen, but why? Does Samba maybe need it this way? Even for the primary
> group it adds an "extra" memberUid attribute for each user? Does this hurt
> performance?

This is required if you want to enumerate members of a group,  it helps
performance.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050629/3d0ffa57/attachment.bin


More information about the samba mailing list