I've just committed a patch that adds a new 'ldap trust ids' smb.conf option.
Currently defaulting to off, this option allows pdb_ldap to use the ldap server directly to determine if a user 'exists' in unix. This gives us a performance boost, particularly on enumerations: (Removes the extra lookup per record). The logic is such that if there are no posixAccount attributes for a user, we try getpwnam(), it's just that we look in LDAP first. As such, do people think we should have this by default? This was a fix to solve some particular problems that metze had, and I'll see if I can get some feedback on exactly how much this helps. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
