[Samba] Possible problem w/ 'idmap restore' under 3.0.25rc3

Don Meyer dlmeyer at uiuc.edu
Sat May 5 00:14:49 GMT 2007

At 06:00 PM 5/4/2007, simo wrote:
>Sorry for the problem, this slipped through during recent patches to fix
>the sid checking layer violation and the idmap offline code.

No problem.

I may have another for you, however.   This patch enables me to 
successfully restore when using a tdb backend.  However, when using 
idmap_ldap, it seems that winbind is opening a connection to the ldap 
server and not closing it for many updates/queries.

When I try 'net idmap restore' when using idmap_ldap, the command 
will plug away until the ldap server starts complaining "accept(8) 
failed errno=24 (Too many open files)".   netstat -aln shows around 
1000 open connections from winbind on another system. (The one with 3.0.25rc3+)

When "watching" netstat on the ldap server system, each query to 
winbind that one would expect it to talk to the ldap server generates 
a new TCP session which hangs around until winbind is 
restarted.  (Granted, I have not wait more than 10 minutes yet, but 
this seems a bit extreme...)    For instance, after winbindd restart, 
the first 'getent passwd user1' request opens a session.   Running 
that command again does not.  (Cached)  Running 'getent passwd user2' 
opens another session, etc.  This occurs whether the UID is already 
present, or if it needs to be added new.

If you need more information on any of this, just let me know.   It 
seems so close... ;-)


Don Meyer                                           <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 
temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 

More information about the samba mailing list