[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM/LDAP performance problem

To: Stefan Brohs <sbrohs@iprimus0800.net>
Subject: Re: PAM/LDAP performance problem
From: Adam Tauno Williams <adam@morrison-ind.com>
Date: Thu, 05 Jul 2001 10:42:55 -0400 (EDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3B4483CD.2040402@iPrimus0800.net>
References: <3B4483CD.2040402@iPrimus0800.net>
User-agent: IMP/PHP IMAP webmail program 2.2.1

>we are desperately trying to use PAM/LDAP as a *fast* authentication 
>method for FTP logins. After installing and configuring things were 
>working fine. But after adding 20000 user entries just for testing (we 
>expect much more in the future) the response time (ftp login) raised 
>from 3 seconds (4000 entries) up to 23 seconds (20000 user entries and 
>about 6000 group entries).
>Both, user lookup and password lookup seem to search the whole LDAP 
>directory without using indexes (slapd takes 99% CPU for the time in 
>question), even though they exist on almost all attributes (cn, uid, 
>uidnumber, gid, gidnumber, etc.). Since ldapsearch is answering within 
>fractions of a second and only ftp and shell login (and "id") are very 
>slow we don't really have an idea what the problem could be. Ain't PAM 
>using indexes?

Did you setup you indexes before you loaded the data? Do dbb files exist for the
index you think you should have?  This really sounds (IMHO) like a flounces
index on objectclass.  Might not hurt to rebuild the index and see what happens.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505

Follow-Ups:
- Re: PAM/LDAP performance problem
  - From: Stefan Brohs <sbrohs@iprimus0800.net>

References:
- PAM/LDAP performance problem
  - From: Stefan Brohs <sbrohs@iprimus0800.net>

Prev by Date: PAM/LDAP performance problem
Next by Date: RE: PAM/LDAP performance problem
Index(es):
- Chronological
- Thread