[Samba] Best way to access the AD database from scripts
Prunk Dump
prunkdump at gmail.com
Sat Feb 6 10:35:15 UTC 2021
Thank you very much Rowland ! Sorry for my late reply. I have so much
work this week.
So with your advice I will move all my winbind and nsswitch calls to
some ldbseach calls.
Thanks again !
Baptiste.
Le jeu. 4 févr. 2021 à 11:08, Rowland penny via samba
<samba at lists.samba.org> a écrit :
>
> On 04/02/2021 09:50, Prunk Dump via samba wrote:
> > Hello Samba Team and users !
> >
> > I wrote some scripts that interoperate with samba to manage users,
> > groups and some other AD objects. Everything works fine and I now want
> > to improve performance.
> >
> > So I would like to know what is the best way in terms of performance
> > to read user/group/ou informations :
> > -> as domain controller
> > and
> > -> as domain member
> >
> > It would be great also if the access has no latency. For example, as a
> > domain controller, wbinfo sometimes continues to give user information
> > just after deleting the user with samba-tool.
> >
> > Is this better to use :
> >
> > ldbsearch and access to sam.ldb directly ?
> > samba-tool ?
> > winbind with wbinfo ?
> > winbind with nsswitch tools : uid, getent, ... ?
> > the ldap:// protocol ?
> > the samba python library ?
> > net command ?
> > other ?
> >
> > Thanks if someone can help me !
> >
> > Regards,
> >
> > Baptiste.
> >
>
> Your problem isn't so much as how you do this, as where you do it
>
> AD uses replication, which is usually pretty fast, but sometimes it
> isn't. This means that if you delete a user on one DC and replication is
> slow, the user may still exist on another DC. Using wbinfo has its own
> problems because it may be reading from a cache and this could still
> contain deleted objects.
>
> It doesn't matter if you use ldbsearch, ldapsearch or samba-tool, just
> as longer as you do all modifications on the same DC, the PDC_Emulator
> for instance.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list