By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
Created attachment 9059 [details]
Karolin, could you please add the text also to the WHATSNEW file?
There is a change in behaviour of the commands 'wbinfo -u' and 'wbinfo -g'. By default the enumerate all users on all trusted domains which can lead to out of memory condition on large installations. Therefore we change the default to enumerate only over the own domain (the domain winbind is joined too). We still support the old behaviour, you can enable it with:
wbinfo --domain='*' -u
Fixed in Samba 4.2 with 33bce26fcf2e82b9c381eeb32e1d731d3965e22f
(This never got the required review for inclusion into 4.1 while that was still in maintenance)