Bug 3024 - [PATCH] winbind nss user/grouplist fails with large ad user count
Summary: [PATCH] winbind nss user/grouplist fails with large ad user count
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.20
Hardware: All All
: P1 major
Target Milestone: 3.0.25
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
: 3660 (view as bug list)
Depends on:
Blocks: 3660
  Show dependency treegraph
Reported: 2005-08-22 08:14 UTC by Johann Hanne
Modified: 2007-05-11 20:09 UTC (History)
3 users (show)

See Also:

Proposed patch (1004 bytes, patch)
2005-08-22 08:15 UTC, Johann Hanne
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Johann Hanne 2005-08-22 08:14:56 UTC
There is a bug in winbind/nss: When there are MANY (1000+ here) AD users and 
FEW (20 here) of them actually have a unix mapping (we use idmap_ad with 
uidNumber attributes), listing the users ("getent passwd") and groups fails. 
The reason is that winbindd_getpwent (nsswitch/winbindd_user.c) and 
winbindd_getgrent (nsswitch/winbindd_group.c) fetch users/groups in chunks of 
250 by default. If there is no unix-mapped user within a chunk, it will fail 
without further searching the user list. The attached patchs changes the 
behaviour to fetch users until there are 250 users who have actually a 
Comment 1 Johann Hanne 2005-08-22 08:15:28 UTC
Created attachment 1396 [details]
Proposed patch
Comment 2 Bob Gautier (550 Unknown Recipient) 2006-04-10 04:10:29 UTC
See also BZ#3660?
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-04-20 07:51:19 UTC
*** Bug 3660 has been marked as a duplicate of this bug. ***
Comment 4 Jeremy Allison 2007-05-11 20:09:21 UTC
Correct - thanks. I've fixed in SAMBA_3_0, SAMBA_3_0_25 and SAMBA_3_0_26 trees. Probably too late for 3.0.25 but will make any subsequent release.