> I have a suggestion. I think you can partition off the groups by > putting them in sub OU's of your groups OU.
Yes, and you could partition those OUs across servers. > > Alternatively you could use some Balanceing Domain Controllers with > disconnected authentication. This entails setting up Balanceing Domain > Controllers, each with a local LDAP slave server. Makeking everything > local (replicated from the main LDAP server) for each of your BDC's > should improve performance as you can then have several machines > answering requests for groups without them haveing to constantly query > the main LDAP server. Yes, and a BDC without its own replica sort of takes the B out of BDC. If you have sufficient RAM have you tried using a proxy backend, then the redundant group lookups are simply cached and fed back to the client. > > I am having problems with samba and ldap as concerns groups. We have > ... > > perhaps only those groups where the user is a member? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba