Hi,
Thank you all for the answers. I'll try to write here answer to everybody that's helping me.
I agree with Malte when he says this is not a samba issue, but it's completely related to samba.
About the slow "group resolution"... All my users used to be in 2 groups "Domain Users" and students|theachers|employees. As I'm not using the second group for access control yet, all users are now only in "Domain Users".
>Is it normal to have 36 slapd process, each using 33 MB? I'm just guessing here, but that doesn't sound right. I don't think you should normally have any more than one, but maybe I'm mistaken. I've never seen it.
What he is almost certainly seeing is threads, not processes, and the 33Mb is cumulative not individual - they are all sharing the 33Mb. This is how Linux displays process information.
That's right... I didn't know that.
For that number of users I think 33Mb is SHOCKINGLY LOW. You need to tune the slapd cache size to let it use more memory.
Also 36 threads is insane, your almost certainly swamping the processor. Limit your threads to something like 10 - 20 using the threads directive in slapd.conf.
I configured the cachesize to 10000 but it's not using more memory. I think it's ok because my ldap store only the posix and samba information. The file /var/lib/ldap/id2entry.gdbm is 37 MB.
I changed the thread to 10 and it's a little faster in the peak time.
>Another thing that may be slowing the ldap is that I need to use scope >=sub
>in my ldap.conf to find users and computers:
So you're saying that in your ldap.conf you have things configured like so?
nss_base_passwd dc=homelan,dc=com,dc=br?sub
With the correct indexes and enough RAM it shouldn't really matter.
Yes I have this in my ldap.conf:
nss_base_passwd dc=ump,dc=edu,dc=br?sub nss_base_shadow dc=ump,dc=edu,dc=br?sub nss_base_group ou=groups,dc=ump,dc=edu,dc=br?one nss_base_hosts ou=computers,dc=ump,dc=edu,dc=br
I didn't change that yet because I like the idea of keeping computers and users separated.
And I'm using this index that took from the howto-collection:
index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub
Is that ok or should I change any thing?
Thank's again!
Bruno Gimenes Pereti.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
