
Optimizing OpenLDAP pam authentication (it's very slow)



I'm having a problem with OpenLDAP 2.0.9 being extremely slow.  I'm using
LDAP to store user information, with authentication done with PAM, passing
through to kerberos for actual authentication.  The system works; I can
ssh in and ldap provides the user information (shell, uid, etc) and
kerberos does the actual authentication.  The problem is that ldap is
extremely slow (Is it waiting for kerberos?).  Doing an 'su - myuser'
takes five seconds on a client machine!!  I'm pretty sure it's not
kerberos's fault because I can get tickets really quickly and the kpasswd
program doesn't delay at all.

On a samba client, when I log in or out, it takes up to one minute.  On
the ldap server I see two ldap processes pegging the cpu at 100%.  (Samba
uses LDAP via PAM to retrieve user information on the server so it knows
which home directory to serve up, etc.)

Clearly this is unacceptable.  I'm only working with one client machine,
so multiple servers wouldn't help at all right now.  Even with two servers
load balancing, I couldn't support the 200 clients I need to support
eventually.

What could be happening?  I'd appreciate any ideas.

thanks,
Michael Torrie
BYU CS System Programmer