[Date Prev][Date Next]
Re: pam_ldap slow
You can try a couple things, aside from adding the additional indices:
- Try using the Berkely DB backend
- Try using nscd, to cache replies
Also, I forget which scope == 2, but try a scope of BASE or ONE,
rather than what I think might be a SUB search....
Matthew Gregg wrote:
> I'm authenticating users from a RedHat 7.1 box against OpenLDAP 2.0
> It seems to be working ok, except for slowness during group membership
> I'm only using the LDAP for passwd and group data.
> Running slapd in debug mode, this filter appears to be run for group validation/membership:
> conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2
> The data in the LDAP was loaded using the migration scripts from PADL
> and do not contain a "uniqueMember" attribute, but instead have only
> My ldap.conf file on the RH client is configured to use the memberuid:
> # Group member attribute
> pam_member_attribute memberuid
> I've looked everywhere for a fix/answer and the closest I've come is this
> post on the PADL mailing list:
> I have the following indexes setup:
> index cn eq
> index sn eq
> index uid eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index uniqueMember pres
> index objectclass eq
> I have approx. 20K users and groups in the LDAP, could my speed
> problem just be because of the number of group entries?
> Any help or ideas would be greatly appreciated.
> brought to you by, Matthew Gregg...
> one of the friendly folks in the IT Lab.
> The IT Lab (http://www.itlab.musc.edu) \____________________
> Probably the world's premier software development center.
> Serving: Programming, Tools, Ice Cream, Seminars