[Date Prev][Date Next] [Chronological] [Thread] [Top]

pam_ldap slow

I'm authenticating users from a RedHat 7.1 box against OpenLDAP 2.0
It seems to be working ok, except for slowness during group membership
I'm only using the LDAP for passwd and group data.

Running slapd in debug mode, this filter appears to be run for group validation/membership:
conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2

The data in the LDAP was loaded using the migration scripts from PADL
and do not contain a "uniqueMember" attribute, but instead have only
My ldap.conf file on the RH client is configured to use the memberuid:
# Group member attribute
pam_member_attribute memberuid

I've looked everywhere for a fix/answer and the closest I've come is this
post on the PADL mailing list:

I have the following indexes setup:
index cn eq
index sn eq
index uid eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index uniqueMember pres
index objectclass eq

I have approx. 20K users and groups in the LDAP, could my speed
problem just be because of the number of group entries?

Any help or ideas would be greatly appreciated. 

brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars