On Sat, Nov 02, 2002 at 06:36:47PM +1100, Andrew Bartlett wrote:
> I've just committed a patch that adds a new 'ldap trust ids' smb.conf
> option.
>
> Currently defaulting to off, this option allows pdb_ldap to use the ldap
> server directly to determine if a user 'exists' in unix.
>
> This gives us a performance boost, particularly on enumerations:
> (Removes the extra lookup per record).
>
> The logic is such that if there are no posixAccount attributes for a
> user, we try getpwnam(), it's just that we look in LDAP first.
>
> As such, do people think we should have this by default?
>
> This was a fix to solve some particular problems that metze had, and
> I'll see if I can get some feedback on exactly how much this helps.

This seems terribly kludgy to me. There's a lot that can be done to
optimize unix username lookups without violating the abstraction (e.g.,
nscd). I particularly don't think this should be used for anything that
involves *enumerating* users, as the most frequent NSS configuration
involving LDAP is to reference both LDAP *and* local files; so
enumerating via the Unix calls may give different results than doing so
via the LDAP calls.

Steve Langasek
postmodern programmer