[Samba] High cpu load on LDAP
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Thu Jan 23 01:49:06 UTC 2025
On 22/01/25 19:54, Heinz Hölzl via samba wrote:
> hi,
>
>
> here is the number of member assignments:
>
> regards,
> Heinz
>
> ldbsearch -H /usr/local/samba/private/sam.ldb | \
> grep -o -C1 '^member\b' | uniq -c | grep member | sort -n
I guess adding another `| uniq -c` at the end of that would save
scrolling. And something like
ldbsearch -H /usr/local/samba/private/sam.ldb | \
grep -oP '(member:)|(dn:.+)' | uniq -c | grep -PB1 '\d\d\d member:'
will show you the big groups, which might help confirm that this
greppery is correct.
Anyway,
[...]
> 174 member
> 175 member
> 179 member
> 222 member
> 275 member
> 408 member
> 530 member
> 604 member
> 694 member
> 785 member
That's not too bad.
As Denis Cardon said in
https://lists.samba.org/archive/samba/2024-October/249848.html, "you
shouldn't go beyond a few thousand members" and you don't.
So it comes down to the other thing he mentions, LDAP responses that are
just really big.
In this other recent message
https://lists.samba.org/archive/samba/2025-January/250841.html
I was noticing that you have a lot of these requests:
> ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
> ipv4:192.168.48.87:33768 filter:
> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
> scope: [SUB] result: Success
which to me looks like multiple clients repeatedly asking for 90% of the
database. Maybe they can behave better.
cheers,
Douglas
More information about the samba
mailing list