
pam_ldap slow



I'm authenticating users from a RedHat 7.1 box against OpenLDAP 2.0.
It seems to be working ok, except for slowness during group membership
validation.
I'm only using the LDAP for passwd and group data.

Running slapd in debug mode, this filter appears to be run for group validation/membership:
conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=root)
(uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))"

The data in the LDAP was loaded using the migration scripts from PADL
and does not contain a "uniqueMember" attribute, but instead has only
"memberuid".
My ldap.conf file on the RH client is configured to use the memberuid:
# Group member attribute
pam_member_attribute memberuid

I've looked everywhere for a fix/answer and the closest I've come is this
post on the PADL mailing list:
http://lists.spack.org/archives/padl.com/0155.html

I have the following indexes set up:
index cn eq
index sn eq
index uid eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index uniqueMember pres
index objectclass eq


I have approx. 20K users and groups in the LDAP. Could my speed
problem just be because of the number of group entries?

Any help or ideas would be greatly appreciated. 


 
-- 
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
--------------------------------------\
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars
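
Added example (not part of the original post, and not PADL or OpenLDAP code): a small Python check that takes the logged search filter and the index lines quoted in the message and reports which attributes are matched by equality without an "eq" index configured. The function names are made up for this illustration.

```python
import re

# Copied from the post: the logged search filter and the slapd index lines.
FILTER = ("(&(objectClass=posixGroup)(|(memberUid=root)"
          "(uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))")
INDEX_LINES = """\
index cn eq
index sn eq
index uid eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index uniqueMember pres
index objectclass eq
"""

def parse_indexes(text):
    """Map lower-cased attribute name -> set of index types (eq, pres, ...).

    Only lines of the form 'index attr[,attr] type[,type]' are considered.
    """
    indexes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "index":
            for attr in parts[1].split(","):
                indexes.setdefault(attr.lower(), set()).update(parts[2].split(","))
    return indexes

def equality_attrs(ldap_filter):
    """Attributes used in simple equality assertions (attr=value, no wildcard)."""
    pairs = re.findall(r"\(([A-Za-z][\w;-]*)=([^()]*)\)", ldap_filter)
    return [attr for attr, value in pairs if "*" not in value]

def unindexed_equality(ldap_filter, index_text):
    """Equality-matched attributes that have no 'eq' index configured."""
    indexes = parse_indexes(index_text)
    return [a for a in equality_attrs(ldap_filter)
            if "eq" not in indexes.get(a.lower(), set())]

if __name__ == "__main__":
    for attr in unindexed_equality(FILTER, INDEX_LINES):
        print(f"equality match on {attr!r} has no eq index")
```

Attribute names are compared case-insensitively, so "objectclass" in the index list covers "objectClass" in the filter.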