Marlys Nelson wrote:The PDC appears to request ALL groups from LDAP, using the search (objectclass=sambaGroupMapping). In our case, this is nearly 14,000 entries and it can take almost 10 minutes to retrieve those from LDAP when there are hundreds trying at once. Indexing doesn't help in this case because samba is asking for ALL groups.
...
Is there any way to make samba do a more targeted lookup of groups, perhaps only those groups where the user is a member?
I'll try to see what I can do.
Ok, here's a patch which changes get_domain_user_groups() to use newly introduced pdb interface method: enum_user_groups(). Basically, it's just cut&paste from enum_group_mapping() functions.
Login in my home network does not trigger get_domain_user_groups() to be called but requests to list user groups does and it returns the correct result (so at least this patch does not break anything).
Marlys, according to your post get_domain_user_groups() _is_ triggered during login at your site therefore you should see the improvements introduced by this patch _if_ listing of all groups during login was the reason for your performance degradation. Plus, you probably have better setup to test this patch.
Let me know if it helps, Igor
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
