make 'ldap trust ids' the default?
Jean Francois Micouleau
Jean-Francois.Micouleau at dalalu.fr
Sat Nov 2 08:06:01 GMT 2002
On Sat, 2 Nov 2002, Andrew Bartlett wrote:
> I've just committed a patch that adds a new 'ldap trust ids' smb.conf
> option.
>
> Currently defaulting to off, this option allows pdb_ldap to use the ldap
> server directly to determine if a user 'exists' in unix.
>
> This gives us a performance boost, particularly on enumerations:
> (Removes the extra lookup per record).
>
> The logic is such that if there are no posixAccount attributes for a
> user, we try getpwnam(), it's just that we look in LDAP first.
>
> As such, do people think we should have this by default?
NO !
> This was a fix to solve some particular problems that metze had, and
> I'll see if I can get some feedback on exactly how much this helps.
and what's next ? Can I commit an ugly hack i'm using 'cause SCO
openserver doesn't support username longer than 8 chars ?
can't we also add a "don't check unix security at all" smb.conf parameter
that default to yes ?
J.F.
More information about the samba-technical
mailing list