[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM/LDAP performance problem

To: Marcin Radecki <marcinr@student.uci.agh.edu.pl>, Todd Lyons <todd@mrball.net>, openldap-software@OpenLDAP.org
Subject: Re: PAM/LDAP performance problem
From: Stefan Brohs <sbrohs@iprimus0800.net>
Date: Fri, 06 Jul 2001 15:17:07 +0200
References: <Pine.GSO.4.30.0107061457540.602-100000@student.uci.agh.edu.pl>
User-agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20010131 Netscape6/6.01

Well, this works. But I have to remark that it doesn't make sense to me, because there is no group lookup anymore:

bash-2.04$ id
uid=20001(U190567) gid=7335 groups=7335

Maybe I should get into a deeper touch with nss_*

Thanks anyway,
Stefan

Marcin Radecki wrote:


In my opinion this enormous search is performed by nss_ldap module
rather than pam_ldap module.
Would you like to replace line form /etc/nsswitch.conf
for field 'group: files ldap' with 'group: files'?
Then restart your ftpd and check if this search is done
again.

Thanks,
Marcin

On Fri, 6 Jul 2001, Stefan Brohs wrote:

Alright, I was watching the following logs and discovered, that while
looking for objectclass=posixaccount all entries (6000) were read. This
took a long time, because I set the sizelimit parameter to 50000 before.
I'm very sure, that this might be nonsense, but:

- why is PAM reading all group entries at all (and more than once)?
- and why does the login proceed when reducing the sizelimit (to 50) and
the SRCH results in error??

Follow-Ups:
- Re: PAM/LDAP performance problem
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>

References:
- Re: PAM/LDAP performance problem
  - From: Marcin Radecki <marcinr@student.uci.agh.edu.pl>

Prev by Date: Re: Advanced ACL configuration?
Next by Date: maintaining uniqueness of uid across subtree's
Index(es):
- Chronological
- Thread