Hi,

We have been experiencing performance issues with the 4 Samba4 (currently installed version 4.20.4) AD DC domain controllers for a while. We have tested various options, including hidden ones that were not documented. The LDB indices help a bit, but typically on Mondays, when most customers log in, there is 100% CPU usage by one LDAP process and high RPC process load. The domain controller appears to freeze for a period of time and cannot handle requests. Even logging in via SSH with the root user (which authenticates through the local passwd) is not possible during this time. The server eventually recovers after a while, but of course, this has restrictive effects on the entire production environment.

We believe the issue lies with the LDAP processes, which, it seems, do not scale very well. We have up to 16 CPU cores and plenty of RAM on each system. By starting with prefork children=64, we spawn some subprocesses, but this didn't really solve the performance issue either. The underlying operating system is Debian 11, and the ulimits (open files) don't seem to be a problem because otherwise dmesg would show kernel messages. We also do not have any I/O, RAM, or CPU issues.

Our environment comprises around 4000-5000 clients spread across 4 domain controllers. Most of the clients use Samba file server services and many third-party applications that authenticate through LDAP and via saslauthd on Active Directory.

Our smb.conf:

[global]
netbios name = ###
realm = ###
workgroup = ###
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
comment template homedir = /home/%U
template shell = /bin/bash
ldap server require strong auth = No
# IMPORTANT: Radius ntlm_auth
ntlm auth = Yes
log level = auth_json_audit:0 auth_audit:3 #ldb:3@/var/log/ldb.log
logging = syslog
password hash gpg key ids = "xyz"
dns forwarder = a.b.c.d
dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool
logon script = login.bat
panic action = /opt/samba/bin/panicRestartSamba.sh
dns zone transfer clients allow = aaa bbbb
prefork children = 64
server min protocol = SMB2_10
dbindex:objectClass = yes
dbindex:uid = yes
dbindex:uidNumber = yes
dbindex:gidNumber = yes
dbindex:memberUid = yes
dbindex:sAMAccountName = yes
ldb:max-cachesize = 10000000
ldap timeout = 2
ldap replication sleep = 1000

Are there any performance parameters for LDB databases or an alternative to LDB for better scalability?

Thanks for any help

Hubert

---
Hubert Kr?ss
Systeme | sistemi
Südtiroler Gemeindenverband Genossenschaft | Consorzio dei Comuni della Provincia di Bolzano Società Cooperativa
I - 39100 Bozen | Kanonikus-Michael-Gamper-Straße 10 | I - 39100 Bolzano | via Canonico Michael Gamper 10
T. - +39 0471 304 634
info at gvcc.net | https://www.gvcc.net