[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_ldap slow

To: Tarjei Huse <tarjei@nu.no>
Subject: Re: pam_ldap slow
From: Matthew Gregg <greggmc@musc.edu>
Date: Fri, 11 May 2001 13:49:26 -0400
Cc: "'Paul Jakma'" <paul@clubi.ie>, openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <004301c0da3e$8c05ed00$8501a8c0@mail.nu.no>; from tarjei@nu.no on Fri, May 11, 2001 at 07:19:30PM +0200
References: <20010511131612.C1612@musc.edu> <004301c0da3e$8c05ed00$8501a8c0@mail.nu.no>
User-agent: Mutt/1.3.17i

I'm just emulating the query that pam_ldap is running which doesn't
use the full dn.

I've tried "Directory Admin" nice little app., but I'm tryin to
migrate 20K users from passwd and group files.  The migration scripts
that PADL provides work well for that, but by default don't use the
groupOfUniqueNames objectclass.
I there a way to tell pam_ldap to not use the "groupOfUniqueNames"
schema? Or, could it be I'm looking in a totaly wronge direction with
this problem?


On Fri, May 11, 2001 at 07:19:30PM +0200, Tarjei Huse wrote:
> Hm. Just from looking at your entry, I see a culpe of things.
> 
> shouldn't you write the full dn in memberuid_ i.e. memberUid=Uid=binzafar,
> ou=People ...
> also, I advise you to try downloading directroy admin and using it to add
> groupmembers.
> DA uses another set of classes (no prob for pam):
> objectClass=groupOfUniqueNames
> uniqueMember=uid=tarjei,...(full dn)
> 
> try it see if it helps you.
> 
> Tarjei
> 
> 
> 
> > Group entries look like this:
> > dn: cn=itlab,ou=groups,dc=musc,dc=edu
> > objectClass: posixGroup
> > objectClass: top
> > cn: itlab
> > userPassword: {crypt}*
> > gidNumber: 1389
> > memberUid: binzafar
> > memberUid: jonesje
> > memberUid: sprovero
> > memberUid: starmerf
> > memberUid: starmerj
> >
> >
> > Thanks again.
> >
> >
> > On Thu, May 10, 2001 at 04:02:21AM +0100, Paul Jakma wrote:
> > > On Wed, 9 May 2001, Matthew Gregg wrote:
> > >
> > > > Running slapd in debug mode, this filter appears to be
> > run for group validation/membership:
> > > > conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2
> > > > filter="(&(objectClass=posixGroup)(|(memberUid=root)
> > > > (uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))"
> > >
> > > Hi Matthew,
> > >
> > > on the client run nscd and configure it with reasonable positive
> > > cache times.  And on the server add an 'equal' index for
> > > attribute memberUid.
> > >
> > > regards,
> >
> 

-- 
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
--------------------------------------\
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars

References:
- Re: pam_ldap slow
  - From: Matthew Gregg <greggmc@musc.edu>
- RE: pam_ldap slow
  - From: "Tarjei Huse" <tarjei@nu.no>

Prev by Date: RE: pam_ldap slow
Next by Date: Witch Version should i use.
Index(es):
- Chronological
- Thread