Hi all, We have samba 3.0.11 installed on suse 9.2, we are in the middle of a project of rolling out samba to about 15,000 users in our university, samba is configured to auth via LDAP (Sun One Directory Server 5.2), For some reason samba is doing this query... [13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH base="dc=sunderland,dc=ac,dc=uk" scope=2 filter="(objectClass=posixAccount)" attrs="uid userPassworduidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" and its requesting 47477 entries from ldap, its doing this every few minutes?? this is causing errors about "un-indexed queries" and we think this may be helping our LDAP server crashing :( We have looked through the source code cant find any function which is doing this search...?? any help would be appreciated! Kind Regards -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit 1a Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated.
On Wed, 2005-04-13 at 12:47 +0100, Daniel Wilson wrote:> Hi all, > > We have samba 3.0.11 installed on suse 9.2, we are in the middle of a > project of rolling out samba to about 15,000 users in our university, > samba is configured to auth via LDAP (Sun One Directory Server 5.2), > > For some reason samba is doing this query... > > [13/Apr/2005:10:41:04 +0100] conn=9823 op=2 msgId=3 - SRCH > base="dc=sunderland,dc=ac,dc=uk" scope=2 > filter="(objectClass=posixAccount)" attrs="uid userPassworduidNumber > gidNumber cn homeDirectory loginShell gecos description objectClass"First, that's not Samba directly, that is nss_ldap. Some bright bit of code is doing 'getent passwd' or the equivalent. Now, this may be triggered by Samba, and if your LDAP server is internally consistent (all the things Samba cares about are in ldap), then you should try setting 'ldapsam:trusted = yes' in your smb.conf. This is meant to be better with current Samba3 over 3.0.11, but that version does include an older version of the code. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050413/fd616b61/attachment.bin
> What should I document in the HOWTO regarding the > ldapsam:trusted parameter?Well... I have been trying to find out what it actually does and how it works and what it requires, but can't seem to find anything. (only that it apparently results in performance improvements) (in the release notes: "More performance improvements when using Samba/OpenLDAP based DC's via the 'ldapsam:trusted=yes' option.") Mourik Jan