On Sat, Sep 25, 2004 at 08:12:46AM +1000, Andrew Bartlett wrote:
> Currently, Samba 3.0.3 and above are unusable at my site, simply because
> we have a 1000 user database (and very frequent domain logons)! This
> happens because for some reason the WinXP clients want to know the
> members of the 'domain admins' group, and the current code does of all
> things a 'getent passwd' against the entire LDAP directory, because NSS


I'm following this thread with great interest, because I have a feeling I'm
being bitten by this problem. There is a site with a big win2k forest which
has dozens of domains and several thousand users and groups. One application
(kde) is doing just that, getent group | grep something to find out to which
groups a user belongs to, and that takes about 6 minutes. I changed that code (kde's)
to use getgrouplist() and I'm waiting on further testing to see if that improves
the situation.

> doesn't provide a call for finding users with primary GIDs.


You mean, you have a group and need to find whose primary group it is?