On Pén, Március 4, 2005 17:59, Volker Lendecke mondta: > On Mon, Feb 28, 2005 at 08:11:44AM -0600, Gerald (Jerry) Carter wrote: >> Volker still owes some docs on it as far as I know. > > By default, Samba as a Domain Controller with an LDAP backend needs to use > the > Unix-style NSS subsystem to access user and group information. Due to the > way > Unix stores user information in /etc/passwd and /etc/group this inevitably > leads to inefficiencies. One important question a user needs to know is > the > list of groups he is member of. The plain Unix model involves a complete > enumeration of the file /etc/group and its NSS counterparts in LDAP. In > this > particular case there often optimized functions are available in Unix, but > for > other queries there is no optimized function available. > > To make Samba scale well in large environments, the ldapsam:trusted=yes > option > assumes that the complete user and group database that is relevant to > Samba is > stored in LDAP with the standard posixAccount/posixGroup model, and that > the > Samba auxiliary object classes are stored together with the the posix data > in > the same LDAP object. If these assumptions are met, ldapsam:trusted=yes > can be > activated and Samba can completely bypass the NSS system to query user > information. Optimized LDAP queries can speed up domain logon and > administration tasks a lot. Depending on the size of the LDAP database a > factor > of 100 or more for common queries is easily achieved.
is this means samba with ldap can work without nss_ldap? if it's true it can be a very important new features and can made 'samba with ldap' configuration much easier! imho in this case it should have to documented and highlighted in the release notes! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
