Samba 4 as a user source for setups larger than 50 users.

  • I read here that samba4 for setups with more than 50 users is not supported:

    Is that still the case? Is the 50 user limit on the number of kopano-users, or the number of users in the directory?

  • Kopano

    @klausade / @thctlo though it may ‘work fine’, Samba 4 AD is not supported for deployments with 50+ users. We’ve seen that (aside from some specific, paid-for versions) Samba 4 AD can’t deliver the performance needed for a production deployment.

    If you need to do a new deployment, I would recommend OpenLDAP or AD.

  • Then you should tune the system better, i do this with 150 user in AD-DC Samba 4 setup.
    database Kopano max around 120Gb…
    Just sort out the needed indexing and use latest samba versions…

    This is in my opinion just strange to say… first you say dont recommend Samba 4 AD then you say:
    I would recommend OpenLDAP or AD ??
    for both you need the same, good indexing and using an ldap proxy also helps.

    @bhuisman Can you which samba versions where used?

  • We went from openldap and over to samba4-ad, we have 400 users, but only 100 of those are Kopano-users. We use samba 4.9.5 on our DC’s, and 4.10.13 on the mailserver, the samba4-AD has been in use for 2 months for all other stuff, but we only started slowly this week to also use it for Kopano (we used openldap in parallel), since this is a holiday week here, we haven’t yet had the experience of all users using Kopano+samba4-ad. We have added indexing for kopanoAccount and otherMailbox.
    We would have preferred to stay with openldap, but the upgrade from win7 to win10 kind of forced us to go with samba4-ad.

    @bhuisman Since samba4-ad is something that, I imagine, is getting more and more deployed, you should maybe consider giving a few more details to the documentation, other than “Please note that due to performance problems in Samba 4, Samba 4 is not supported as a user source for setups larger than 50 users.”, because if we were to deploy Kopano today, having already samba4-ad, then that short sentence would probably have made us shy away.

    @thctlo we use the excellent packages from :-)

    We will see during next week how this goes, but turning back isn’t an option.

  • @klausade said in Samba 4 as a user source for setups larger than 50 users.:

    @thctlo we use the excellent packages from :-)

    Thanks for that update, i see you like my packages :-) Always good to hear… Thanks! :-) :-)

  • Kopano

    @thctlo I can’t, it concerns a running customer system.

    We know the ones with the openLDAP backend provide proper performance, but these are not ‘default’, which is why Samba 4 AD is not officially supported as a user backend. That does not mean it does not work (after all, it provides LDAP), but we know from experience that large scale setups may perform poorly with Samba 4 AD.

  • Kopano

    @klausade “is not supported” is not the same as “does not work”. It means that we can’t guarantee it performs or works well enough for an ‘approved’ stamp.

    The reason for such a statement is that I would not want to get in the situation where someone deploys a Kopano installation on Samba 4 AD with a few 100’s of users and then (after some time) finds out it does not work properly anymore.

  • But @bhuisman Which samba4 version was just in your case, this is most important to know (for me even).
    Because if i know exact which and you explain the problem you had, I’ll report it in the samba bug reporter.

  • Hi,

    we have an Samba 4 setup (Debian 9) for 300+ users as user backend for Kopano. This setup works perfect.

Log in to reply