Hello everyone. We have implemented in my company a Samba server authenticating with LDAP. Everything works fine. But the problem is, we have about 10k users/logins in the network, that are allocated in different sectors, which have subsectors, which have sub-sub-sectors and so on. The access control on the drive shares is based on their sectors and [sub(sub...)]sectors. My doubt is, is the Samba's performance be the same if it has to look for a big (HUGE!) LDAP tree? What is the best way for deploying the LDAP tree to achieve the fastest Samba access? For example: 1) Multi-Level Tree sector 1 |---- subsector1 |----sub-sub-sector1 |----ADM |----user-1 |----user-n |----COMMON |----user-100 |----user-m |----sub-sub-sector2 |----ADM |----user-500 |----user-x |----COMMON |----user-1500 |----user-y |----subsector2 sector 2 ...... and so on ********** OR *********** 2) One Level Tree sector 1 |---- user-1 (containing the subsectors and division information as an "attribute") |---- user-n sector 2 .... and so on Well, sorry for the big mail, thanks in advance for any help/ideas. Best, Steve
On Wed, Jul 25, 2007 at 09:39:34AM -0300, Steve Scanavarro wrote:> We have implemented in my company a Samba server authenticating with LDAP. > Everything works fine. > But the problem is, we have about 10k users/logins in the network, that are > allocated in different sectors, which have subsectors, which have > sub-sub-sectors and so on. The access control on the drive shares is based > on their sectors and [sub(sub...)]sectors.As long as your LDAP indexes are ok, there should be no performance problem. You might however want to look at the ldapsam:trusted = yes option that can give a huge speedup for LDAP-based DCs, depending on the rest of your Unix system. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070725/5df2f069/attachment.bin