samba-tool ldapcmp hangs when too much objects in Samba database

mathias dufresne infractory at gmail.com
Fri Oct 30 08:51:56 UTC 2015 

Hey,

I tried to use ldapcmp using tdb:// rather than ldap:// and the process
finished successfully. I copied the whole private directory from one DC to
the one where the ldapcmp was performed.

Hoping this could help when someone would dig into that issue.

Now I'll try the same through NFS rather than copying files, trying to get
a better workaround than using a copy.

Best regards,

mathias

2015-10-28 14:17 GMT+01:00 mathias dufresne <infractory at gmail.com>:

> Hi all,
>
> samba-tool ldapcmp always hangs when database contains too much object.
> This happened to me only when checking "domain" using that tool, most
> certainly because I have very few objects in others contexts.
>
> The limit seems to be around 40 000 objects. That limit was defined by
> running samba-tool ldapcmp on a new domain on which I pushed users by
> bunches of 500 users, until the command refuse to finish successfully.
>
> As a workaround an option is to avoid containers with more than a certain
> amount of object, with this amount less than 40 000, then to proceed with
> ldapcmp on each container declared in AD with a scope equal to "one", to
> not check this containers recursively.
>
> The main bad point of this workaround is time needed to compare the whole
> tree. This tool is already needing an amount of time relatively important
> to succeed, I don't expect launching it once on each AD container to be
> something which would accelerate that process.
>
> I fully understand that kind of issue only happen for big company which
> have enough objects to include in AD and I totally agree that kind of
> company which is big enough can raise funds to help open source software to
> be developed when they need some improvement.
> So I asked the company I'm working for to raise funds and they are
> discussing internally for months now about that funds raising, things are
> going further, but very slowly.
>
> So the question is the following: did someone have noticed such an issue
> and/or did someone have an idea on how to improve that?
>
> Thanks and regards,
>
> mathias
>

More information about the samba-technical mailing list