[Samba] samba4 schema for openldap

Таболин Юрий tabolin at speechpro.com
Thu Dec 17 19:25:19 UTC 2015

17.12.2015 0:28, Nigel W wrote:
> Assuming the DNS for the site is set up correctly, the SRV records should be
> evenly spreading the load among the servers on the site that the client is
> on.
> With Windows based domain the answer to this question is either fix your
> ldap client to use the SRV records and not use only the DC with the PDC
> Emulator role, or add more DCs to the site.  I would assume the answer is
> the same for a Samba domain.
> Though I would be interested in understanding how the OP came to the
> conclusion that they need to cache the LDAP queries.
> Thanks,

I have many services which use only LDAP for authentication. There I
must specify only the DNS A records of my LDAP DC servers. In times of peak
load the DCs can't handle the load. An OpenLDAP proxy allows caching simple
requests and reduces the load on the DCs.

For example, the LDAP search filter
(&(objectClass=user)(sAMAccountName=<username>)). Measured in Apache JMeter:

openldap - 1075.8 requests/sec

samba ldap - 30.3 req/sec

openldap proxy to samba (from cache) – 391.6 req/sec

> On Wed, Dec 16, 2015 at 1:54 PM, Lee Brown <leeb at ratnaling.org> wrote:
>> On Wed, Dec 16, 2015 at 12:40 PM, Таболин Юрий <tabolin at speechpro.com>
>> wrote:
>>> 16.12.2015 22:47, Rowland penny wrote:
>>>> On 16/12/15 19:35, Rowland penny wrote:
>>>>> On 16/12/15 19:02, Таболин Юрий wrote:
>>>>>> Hi all.
>>>>>> I have samba 4.2.3 on freebsd 10.1 server. There are three DC and
>> about
>>>>>> 350 PC on domain. I wrote earlier that samba4 ldap performance is not
>>>>>> enough for me. Now I want to try a server in the middle with openldap
>>>>>> pcache - ldap cache proxy function. But it only works with appropriate
>>>>>> openldap schema. Where I can find samba4 openldap schema? I'm going to
>>>>>> cache simple queries such as
>>>>>> (&(objectClass=user)(sAMAccountName=username))
>>>>>> I will have enough and the simplified schema. Thanks!
>>>>> Not sure there is one, there is some work going on to get samba4
>> working
>>>>> with LDAP instead of the builtin ldap server, but it has gone quiet
>> lately,
>>>>> not that this means anything really. I understand that initially, Samba
>> tried to
>>>>> use LDAP but could not get it to work, so had to go with their own
>> built in
>>>>> ldap server. If you want to attempt something, you could do worse than
>>>>> looking in the setup directory that samba installs.
>>>>> Rowland
>>>> And then after I posted. I thought, I wonder if he didn't actually mean
>>>> the AD schema, so did a quick google and within 10 seconds I found this:
>>>> https://haroonferoze.wordpress.com/2012/11/26/openldap/
>>>> Rowland
>>>> I have seen this article earlier, but there is setup only proxy without
>>> cache. Similar instructions here
>>> https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD . That's not
>>> what I need.
>>> Would using HAProxy to spread the load across the 3 DC's help at all?
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

With best regards,

Tabolin Yuriy
System administrator
Speech Technology Center
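
The caching proxy described in this message, sketched as an added `slapd.conf` fragment that is not part of the original post and not configuration shipped by Samba or OpenLDAP. Host names, the suffix, paths, cache sizes and the TTL are placeholder assumptions, and the two schema definitions are a constructed minimum covering only the names that appear in the filter above.

```conf
# slapd.conf fragment (constructed example; hosts, DNs and paths are placeholders)
include   /usr/local/etc/openldap/schema/core.schema

# Minimal AD definitions so slapd recognises the names used in the cached filter.
attributetype ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )
objectclass ( 1.2.840.113556.1.5.9
    NAME 'user'
    SUP top STRUCTURAL
    MAY ( sAMAccountName ) )

# back-ldap forwards anything the cache cannot answer to the DCs.
database  ldap
suffix    "dc=example,dc=com"
rootdn    "cn=proxy,dc=example,dc=com"
uri       "ldaps://dc1.example.com ldaps://dc2.example.com ldaps://dc3.example.com"

overlay        pcache
# pcache <backend> <max_entries> <num_attrsets> <entry_limit> <cc_period>
pcache         mdb 10000 1 50 100
# Attribute set 0: the only attributes a cached answer may contain.
pcacheAttrset  0 sAMAccountName cn
# Filter template (assertion values stripped), attribute set index, TTL in seconds.
pcacheTemplate (&(objectClass=)(sAMAccountName=)) 0 300

# Settings for the local mdb database that stores cached entries.
directory  /var/db/openldap-cache
index      objectClass,sAMAccountName eq
```

A cached answer can be up to the TTL old, so an account removed or renamed on the DCs stays visible through the proxy for that long. Bind requests are still forwarded to a DC unless `pcacheBind` is configured.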
