Guys. Should I add this to the HOWTO at this time? If so, should it go under the chapter on group handling?
Jerry, are you intent on expanding this in any way? - John T. On Friday 04 March 2005 09:59, Volker Lendecke wrote: > On Mon, Feb 28, 2005 at 08:11:44AM -0600, Gerald (Jerry) Carter wrote: > > Volker still owes some docs on it as far as I know. > > By default, Samba as a Domain Controller with an LDAP backend needs to use > the Unix-style NSS subsystem to access user and group information. Due to > the way Unix stores user information in /etc/passwd and /etc/group this > inevitably leads to inefficiencies. One important question a user needs to > know is the list of groups he is member of. The plain Unix model involves a > complete enumeration of the file /etc/group and its NSS counterparts in > LDAP. In this particular case there often optimized functions are available > in Unix, but for other queries there is no optimized function available. > > To make Samba scale well in large environments, the ldapsam:trusted=yes > option assumes that the complete user and group database that is relevant > to Samba is stored in LDAP with the standard posixAccount/posixGroup model, > and that the Samba auxiliary object classes are stored together with the > the posix data in the same LDAP object. If these assumptions are met, > ldapsam:trusted=yes can be activated and Samba can completely bypass the > NSS system to query user information. Optimized LDAP queries can speed up > domain logon and > administration tasks a lot. Depending on the size of the LDAP database a > factor of 100 or more for common queries is easily achieved. > > Volker -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
