[Samba] High cpu load on LDAP

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Thu Jan 23 01:49:06 UTC 2025


On 22/01/25 19:54, Heinz Hölzl via samba wrote:
> hi,
> 
> 
> here is the number of member assignments:
> 
> regards,
> Heinz
> 
> ldbsearch -H /usr/local/samba/private/sam.ldb | \
> grep -o -C1 '^member\b' | uniq -c | grep member | sort -n

I guess adding another `| uniq -c` at the end of that would save 
scrolling. And something like

ldbsearch -H /usr/local/samba/private/sam.ldb  | \
   grep -oP '(member:)|(dn:.+)' | uniq -c | grep -PB1 '\d\d\d member:'

will show you the big groups, which might help confirm that this 
greppery is correct.

Anyway,

[...]
> 174 member
> 175 member
> 179 member
> 222 member
> 275 member
> 408 member
> 530 member
> 604 member
> 694 member
> 785 member

That's not too bad.

As Denis Cardon said in 
https://lists.samba.org/archive/samba/2024-October/249848.html, "you 
shouldn't go beyond a few thousand members" and you don't.

So it comes down to the other thing he mentions, LDAP responses that are 
just really big.

In this other recent message
https://lists.samba.org/archive/samba/2025-January/250841.html
I was noticing that you have a lot of these requests:

>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
> ipv4:192.168.48.87:33768 filter:
> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
> scope: [SUB] result: Success 

which to me looks like multiple clients repeatedly asking for 90% of the 
database. Maybe they can behave better.

cheers,
Douglas




More information about the samba mailing list