On Wed, 17 Sep 2008, Waltari Harri wrote:
Does using "winbind enum ..." affect functionality somehow, like performance-wise? Only difference I've noticed is that "getent xxx" does not return AD users or groups, but eg. "getent group ad-group" does. Still, setting permissions works for AD users. Are there any other implications if it is left out?
It does exactly what you've observed. It's not a behaviour that applications appear to rely on. With a large AD you have no alternative but to not enumerate groups (especially if you're flattening nested groups). I've had no problems with enum off, and lots of performance problems with enum on. Be a member of 100 groups (some of which contain >75000 users) and issue "id". With enum logic on (whether in winbind or nss_ldap) it's not pretty. jh -- "Four boxes to be used in defense of liberty: soap, ballot, jury, ammo - use in that order." -- Ed Howdershelt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
