> >>b) We are going to be missing out on fun things like 
> >>"ldapsam:trusted=yes" by staying with ldapsam_compat

I believe so.

> >I would suggest looking into speed improvements (such as the continuing
> >work on this) before breaking your ldap into tiny pieces.  One domain
> >really should be the way to do this. 
> I know :-/
> Is 20,000+ users in a domain something that samba can do quickly yet? As 
> far as I know we've done all the standard things - indexes in openldap, 
> nscd on the PDC & quick hardware. Openldap is certainly quick enough - 
> the entire people OU comes back in about 5-6 seconds, so I've run out of 
> obvious things to tweak. Is ldapsam *that much* quicker than 
> ldapsam_compat for large numbers of users?

I think trusted=yes would make a big difference; also, if possible, use
LDAP over a domain socket ldapi:/// rather than a network socket.  But
no matter what, I think enumerating that many users is going to be slow;
I'm curious why you have to enumerate all the users. In the security
tab, don't you perform a search?

Also make sure all your users' groups match to a samba mapped group;  we
saw a while ago that having Samba users in groups that weren't mapped
seemed to slow things down inside Samba somewhere.  (Maybe this is
resolved in more recent versions; this was a while ago.)
