Configure OMV 4.1.3 with AD 10000+ users

  • First of all. I apologizy for my very bad english :)



    I try install OMV 4.1.3 by iso on VM.


    After installing and configuration connect with AD on Windows Server 2008R2 by this manual - https://www.wishzone.net/all/o…-a-windows-2008r2-domain/


    After connecting I got problem with function getUserList, that takes more then 10 minuts. And how I understand this problem is in this function:

    She geting list of all users from AD and append additional information from local-db. => Getting list Users continue very long time.




    Second variant configuration that I used was by this manual - Guide to OMV 4 Active Directory Integration


    But in this case I don't got list of users because sssd load one core on 100% (with param enumerate = True) or return nothing (with param enumerate = False)



    In last Idea was use plugin openmediavault-ldap, but in this case i don't get list of users too.




    Maybe there is someone here who configure OMV with AD 10000+ users, and can help with configuration.


    Thank you :)

    • Offizieller Beitrag

    I don't have 10000 users so take this with a grain of salt. I use sssd instead of winbind. It is a much newer way of doing things. I have a script in this thread that works for most windows ad. https://forum.openmediavault.o…Directory-LDAP-Revisited/ You might have to tune it for 10000 users.


    Also see this https://forum.openmediavault.o…highlight=ldap#post180760



    Please let me know if you find anything that should be in the script.

  • Ok. I will try. Me very interested use omv, because more comfortable and with web GUI instruments for administration share i yet don't found.
    And if me succeed to connect omv with my AD (17000 users) I will let know.


    Thank you.

    • Offizieller Beitrag

    Again I have not used this with more than 100 users and 5 groups. "OMV is not designed to manage 10000+ users." Managing users and groups is not my goal. That is better left to the various ldap / ad servers. sssd enumerates the users and groups for access rights to the shares. That is all debian and not depentant on OMV code. It works great for me. The speed is the question with 10,000 users. sssd has been trying to improve speed for some time. I don't know what the limit is.


    The only way to know if this works for you is to try.

    • Offizieller Beitrag

    sssd has been trying to improve speed for some time. I don't know what the limit is.

    At work, we use sssd connected to LDAP (sync'd from AD) with more than 10k users on Linux systems. Works well but we never try to enumerate all of them into a paginated web interface. I do have a couple of sssd Linux systems connecting to AD and while it seems to be just as fast as LDAP, it is very problematic. sssd has to be restarted at least five times a week. This happens on Ubuntu 16/18 and CentOS/RHEL 7.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    At work, we use sssd connected to LDAP (sync'd from AD) with more than 10k users on Linux systems. Works well but we never try to enumerate all of them into a paginated web interface. I do have a couple of sssd Linux systems connecting to AD and while it seems to be just as fast as LDAP, it is very problematic. sssd has to be restarted at least five times a week. This happens on Ubuntu 16/18 and CentOS/RHEL 7.

    With 10,000 users it is probably better to use groups than users. Don't know if sssd can only enumerate groups. That should speed it up if possible.


    "This happens on Ubuntu 16/18 and CentOS/RHEL 7." Try debian. LOL Seriously it is probably the windows servers.


    Will be interesting to see what the op finds.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!