* "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> nulis: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Andrew Bartlett wrote: > > > Naturally, this just means you need to give nss_ldap the same ldap base > > DN to search under as samba is using. Naturally, if nss_ldap only looks > > under ou=people, then it's not going to work, but I set my base dn to > > just 'dc=hawkerc,dc=net', and carry the minor cost of a possible search > > against other ou's that might not contain accounts. > > Right. And my only point is that for large directories this > cost can be non-zero. So IMO we need to redisgn the LDAP suffix and > searches in Samba altogether to be more localized and efficient.
Thats correct, even I did not implement samba yet, but under high traffic on my email system, it can easily killing my openldap. IMO nss_ldap ldap queries is unefficient, so I'm bypassing any pam call whenever possible (not possible with samba I think). But putting machine account under same container as user account is also umm..., not elegant :-) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba