[Samba] High cpu load on LDAP
Marco Gaiarin
gaio at lilliput.linux.it
Wed Dec 11 12:02:27 UTC 2024
Hello! Douglas Bagnall via samba
On that day it was said...
I've noted that there's no info on the Samba wiki on index manipulation, and
I have some doubts.
> If you run
> ldbsearch -s base -b @INDEXLIST
> you will see a list of "@IDXATTR" attributes. You need to modify it so
> that there is one saying:
> @IDXATTR: member
OK, I have 'member' not indexed:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST | grep -i member
@IDXATTR: msDS-Cached-Membership-Time-Stamp
> and trigger a reindex.
With:
samba-tool dbcheck --reindex
right?!
> The thing that determines whether an attribute is indexed is whether its
> schema definition has an odd number (or in some versions, the string
> "fATTINDEX") for the searchFlags attribute.
> There is this samba-tool command:
> samba-tool schema attribute \
> modify \
> member \
> --searchflags="fATTINDEX" \
> --option="dsdb:schema update allowed = true"
In the past I've added an index (e.g., for an added 'lasr draft' schema) as:
ldbedit -H /var/lib/samba/private/sam.ldb -b CN=mailLocalAddress,CN=Schema,CN=Configuration,DC=ad,DC=mydomain,DC=it --option="dsdb:schema update allowed"=true
and adding:
searchFlags: 1
Is it the same? Is it safest to use 'samba-tool'?
But the more general question is: AFAIK the Samba AD schema is as compatible
as possible with the MS AD schema; so does the MS AD schema have no 'member'
index by default? And if so, why?
Or does MS AD have no 'index' concept whatsoever and manage AD performance in
another way?
Thanks.
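
Added example, not part of the original message and not Samba's own code: a whole-value check for an "@IDXATTR" line in ldbsearch output (a plain `grep -i member` also matches longer attribute names, as in the output above), plus the searchFlags rule quoted in the thread. The function names and the sample @INDEXLIST record are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ldbsearch -s base -b @INDEXLIST` output (not real data).
sample_indexlist() {
cat <<'EOF'
# record 1
dn: @INDEXLIST
@IDXATTR: cn
@IDXATTR: msDS-Cached-Membership-Time-Stamp
@IDXATTR: sAMAccountName

# returned 1 records
EOF
}

# Succeeds only if stdin has an @IDXATTR line whose whole value equals $1
# (case-insensitive); a substring hit such as "...Membership..." does not count.
idxattr_present() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        /^@IDXATTR:/ {
            val = $0
            sub(/^@IDXATTR:[ \t]*/, "", val)   # drop the attribute label
            sub(/[ \t\r]+$/, "", val)          # drop trailing blanks / CR
            if (tolower(val) == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if a searchFlags value marks the attribute as indexed, per the
# rule quoted in the thread: an odd number, or the string fATTINDEX.
searchflags_indexed() {
    case "$1" in
        *fATTINDEX*) return 0 ;;
        ''|*[!0-9]*) return 1 ;;   # empty or not a plain decimal number
        *[13579])    return 0 ;;   # last digit odd
        *)           return 1 ;;
    esac
}

# Demo on the constructed sample; on a DC, pipe the real ldbsearch output instead.
if sample_indexlist | idxattr_present member; then
    echo "member: listed in @INDEXLIST"
else
    echo "member: not listed in @INDEXLIST"
fi
```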