Re: [Samba] LDB object number limitations
- Date: Sat, 28 Oct 2017 13:33:50 +0200
- From: Ervin Hegedüs via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] LDB object number limitations
many thanks for your reply again,
On Sat, Oct 28, 2017 at 10:18:33PM +1300, Andrew Bartlett wrote:
> On Wed, 2017-10-25 at 13:40 +0200, Ervin Hegedüs via samba wrote:
> > We have to build a Samba AD, with several DC's.
> > The designed customer number is about 500 000, or more (user).
> > But I don't know after the two articles (described in my first
> > e-mail) that should we store all users in one domain, or we
> > have to plan that split them to more domains.
> > And if it needs (to split them), how many objects is the maximum
> > in an LDB?
> So, if I were you and the business application can be easily changed to
> shard the users into multiple domains I would do that. Samba is
> improving but 500,000 users is much above what anybody is known to have
> deployed Samba with.
> Naturally, you should do your own testing with Samba master and see how
> far you can push it, as each use case is a little different.
> My primary concern is that:
> - loading an index of objectclass=user would get increasingly slow
> - full scan of the database (still done occasionally, particularly for
> replication) would be an issue.
> - it is likely that joining a new DC and replication would be quite
> Finally, depending on what is in the record it simply might not fit, as
> there is a 4GB limit on tdb right now.
> For the size 64-bit aspect, I hope to see this situation change soon,
> perhaps for Samba 4.9. This isn't a promise yet, as it all depends on
> funding coming through, but I want to mention this so you know there is
> the potential that we will have a 64-bit ldb re-based onto LMDB,
> removing the 32 bit limitation.
now I think everything is clear. Looks like we have to split the
users to multiple domains to store them. Then probably the new DC
join will be less painful.
Probably that will generate more administrative tasks - well,
perhaps we can live with that together :).
Thanks again for all help,