[Samba] High cpu load on LDAP

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Thu Jan 23 01:08:18 UTC 2025


On 9/01/25 06:27, Marco Gaiarin via samba wrote:
> Mandi! Douglas Bagnall via samba
>    In chel di` si favelave...
> 
> Sorry for the late answer and thanks for all the post.
> 
>> Samba AD does not do this rephrasing, probably because in the distant
>> past (a) it was not used at scale, (b) we didn't trust our backlinks,
>> and (c) we didn't think of it. We could/should do it now, but it will
>> take a bit of work.
> 
> But a question still sound on me: if i enable index on Members, i can brake
> something?
> 
> Brake mean 'per se' (eg, Samba does not work anymore) or in 'compatibility'
> (eg, some AD-enabled apps and client does not work anymore).

I don't *think* you will break anything. Two situations spring to mind 
in which it might be dangerous:

1. Your Samba AD LDB is using a TDB backend, and the database size is 
getting close to 4GB. The extra indexes could push it over the limit.

2. You have a mixed domain with Windows DCs. We don't know how Windows 
will react to member being indexed. Probably mostly fine.

Otherwise it comes down to the question of whether Samba has places 
where it fatally assumes member is not indexed. I don't think so, but 
sometimes I forget a few millions of lines here or there, so it is possible.

Indexing should be transparent to clients. It's just a question of 
getting the answer faster or slower.

Douglas




More information about the samba mailing list