Re: Optimizing OpenLDAP pam authentication (it's very slow)

["Andrew Petrov" <apetrov@keyspanenergy.com>]

Try re-generating uniqueMember indexing and see if that helps.

Matthew Gregg wrote:

> But I no longer have memberUid in my LDAP. Should I index a
> nonexistent object?
>
> As my email stated, the PADL migrations scripts create ldif's that use
> the memberUid schema, but after some advice from this group I changed
> the migrations script to produce grouOfUniqueNames/uniqueMember
> schema.
> At the point that I was in fact using memberUid's I did have it
> indexed and had the exact same performance problem.
>
> Does anyone know the correct "configuration" for nsswitch/pam
> authentication? Is it "memberUid" or "grouOfUniqueNames/uniqueMember"
> or neither?
>
> On Thu, May 31, 2001 at 04:53:45PM +0200, GOMBAS Gabor wrote:
> > On Thu, May 31, 2001 at 10:35:59AM -0400, Matthew Gregg wrote:
> >
> > > index uid,cn,objectclass,uidnumber,gidnumber eq
> > > index uniqueMember pres
> >
> > You do not have an index for memberUid. That means slapd has to walk
> > over _all_ entries in your database each time you do a search on it.
> > Do not be surprised if it is slow...
> >
> > General advice: either index every attribute you want to use in searches or
> > be very patient.
> >
> > Gabor
> >
>
> --
> brought to you by, Matthew Gregg...
> one of the friendly folks in the IT Lab.
> --------------------------------------\
> The IT Lab (http://www.itlab.musc.edu) \____________________
> Probably the world's premier software development center.
> Serving: Programming, Tools, Ice Cream, Seminars

--

apetrov@keyspanenergy.com
"Nothing is impossible, it's just a matter of time and money."