RE: pam_ldap slow

["Tarjei Huse" <tarjei@nu.no>]

Hm. Just from looking at your entry, I see a culpe of things.

shouldn't you write the full dn in memberuid_ i.e. memberUid=Uid=binzafar,
ou=People ...
also, I advise you to try downloading directroy admin and using it to add
groupmembers.
DA uses another set of classes (no prob for pam):
objectClass=groupOfUniqueNames
uniqueMember=uid=tarjei,...(full dn)

try it see if it helps you.

Tarjei



> Group entries look like this:
> dn: cn=itlab,ou=groups,dc=musc,dc=edu
> objectClass: posixGroup
> objectClass: top
> cn: itlab
> userPassword: {crypt}*
> gidNumber: 1389
> memberUid: binzafar
> memberUid: jonesje
> memberUid: sprovero
> memberUid: starmerf
> memberUid: starmerj
>
>
> Thanks again.
>
>
> On Thu, May 10, 2001 at 04:02:21AM +0100, Paul Jakma wrote:
> > On Wed, 9 May 2001, Matthew Gregg wrote:
> >
> > > Running slapd in debug mode, this filter appears to be
> run for group validation/membership:
> > > conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2
> > > filter="(&(objectClass=posixGroup)(|(memberUid=root)
> > > (uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))"
> >
> > Hi Matthew,
> >
> > on the client run nscd and configure it with reasonable positive
> > cache times.  And on the server add an 'equal' index for
> > attribute memberUid.
> >
> > regards,
>
> --
> brought to you by, Matthew Gregg...
> one of the friendly folks in the IT Lab.
> --------------------------------------\
> The IT Lab (http://www.itlab.musc.edu) \____________________
> Probably the world's premier software development center.
> Serving: Programming, Tools, Ice Cream, Seminars