Hello everyone.
We have implemented in my company a Samba server authenticating with LDAP.
Everything works fine.
But the problem is, we have about 10k users/logins in the network, that are
allocated in different sectors, which have subsectors, which have
sub-sub-sectors and so on. The access control on the drive shares is based
on their sectors and [sub(sub...)]sectors.
My doubt is, is the Samba's performance be the same if it has to look for a
big (HUGE!) LDAP tree? What is the best way for deploying the LDAP tree to
achieve the fastest Samba access? For example:
1) Multi-Level Tree
sector 1
|---- subsector1
|----sub-sub-sector1
|----ADM
|----user-1
|----user-n
|----COMMON
|----user-100
|----user-m
|----sub-sub-sector2
|----ADM
|----user-500
|----user-x
|----COMMON
|----user-1500
|----user-y
|----subsector2
sector 2
...... and so on
********** OR ***********
2) One Level Tree
sector 1
|---- user-1 (containing the subsectors and division information as an
"attribute")
|---- user-n
sector 2
.... and so on
Well, sorry for the big mail, thanks in advance for any help/ideas.
Best,
Steve
On Wed, Jul 25, 2007 at 09:39:34AM -0300, Steve Scanavarro wrote:> We have implemented in my company a Samba server authenticating with LDAP. > Everything works fine. > But the problem is, we have about 10k users/logins in the network, that are > allocated in different sectors, which have subsectors, which have > sub-sub-sectors and so on. The access control on the drive shares is based > on their sectors and [sub(sub...)]sectors.As long as your LDAP indexes are ok, there should be no performance problem. You might however want to look at the ldapsam:trusted = yes option that can give a huge speedup for LDAP-based DCs, depending on the rest of your Unix system. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070725/5df2f069/attachment.bin