The SAMBA-LDAP-PDC Howto

15

Revision : 1.24

Real life considerations

Now we’ve detail how to set up your brand new PDC-Killer prototype, we’re ready to go
further: the real life, the one where users don’t care about looking for solutions to a given
problem, but will first consider they’ve got one and you’re the guilty :-)
To struggle in this pleasant world, you should have a look on the following considerations :
they may help you.
First, if this HOWTO was your fist approach with Samba and OpenLDAP, you should have a
look on:
• a very good OpenLDAP brief by Adam Williams available at ftp://kalamazoolinux.
org/pub/pdf/ldapv3.pdf: an excellent presentation/briefing on OpenLDAP on the Linux
Platform.
• the OpenLDAP project website,
• the Samba project website,
• numerous documentation (printed or not) done on these two topics (Teach Yourself
Samba in 24 hours for example).

15.1
15.1.1

Performance
Lower Log Level in production

When everything is okay with you configuration, you are strongly encouraged to lower log
levels for better performance.
Best practices are to activate debuging logs only when you want to investigate a potential
problem, and stay with low log level (or no log at all if you’re seeking maximum performance)
during exploitation time (most of the time as Samba really a robust implementation, thank’s
to the Samba Team).
Here’s is an example of a standard exploitation mode log management parameters for a Samba
server :
1
2
3

log file = /var/log/samba/%m.log
log level = 0
max log size = 5000

15.1.2

OpenLDAP tunning

You should consider indices on your directory server. For OpenLDAP, the following should be
ok for a PDC like the one we described in this HOWTO:
1
2
3

# index
index
objectClass,rid,uid,uidNumber,gidNumber,memberUid
index
cn

eq
eq,subinitial

page 38/56