[Samba] High cpu load on LDAP
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Thu Nov 21 23:16:00 UTC 2024
On 20/11/24 21:44, Heinz Hölzl wrote:
> hi,
>
>> It is possible to tell Samba to index 'member'.
>
> How i can do this?
>
> dbindex:member = yes in smb.conf ??
>
No, that has no effect.
If you run
ldbsearch -s base -b @INDEXLIST
you will see a list of "@IDXATTR" attributes. You need to modify it so
that there is one saying:
@IDXATTR: member
and trigger a reindex.
The thing that determines whether an attribute is indexed its schema
definition has an odd number (or in some versions, the string
"fATTINDEX") for the searchFlags attribute.
There is this samba-tool command:
samba-tool schema attribute \
modify \
member \
--searchflags="fATTINDEX" \
--option="dsdb:schema update allowed = true"
Notice the last option. Without it samba-tool will refuse to do anything
because this kind of modification is perhaps NOT SAFE.
I wouldn't do this in production without trying it first in a lab domain.
Others here might have actual experience.
Douglas
More information about the samba
mailing list