Reverse Lookup slowing down LDAP bind?
I've recently set up a two-server LDAP master -> slave "pair",
running OpenLDAP 2.0.7 ...
I've been noticing that on the first few binds to the ldap server
(either one), it takes quite a long time (like in the realm of 30
seconds) to bind and then the query speeds along, nice and fast...
Once I've done a few binds, the binding process takes a fraction of a
I've since compiled version 2.0.8; it behaves in the same way.
I read a post that recommended shutting off reverse lookups with
"--enable-rlookups=no" (which seemed to be the default according to
"./configure --help" anyways), but that didn't change anything.
I read a post in the mailing list archives, and someone that claimed
that they've determined the cause of the significant slowdown:
*Then*, I checked my dnscache logs (I'm using djbdns), and noticed
that whenever a new bind was attempted, there was a lookup from the
ldap server being connected to, to the dns server(s) listed in the
ldap server's /etc/resolv.conf ....
Dnscache log entry:
@400000003b015ecf1330605c servfail 188.8.131.52.in-addr.arpa.
@400000003b015ecf1331f69c sent 37663 40
I changed it from our djbdns servers to some other dns servers
(probably running bind) and now logins are very fast...!
Now although the problem is fixed/bandaided, there are two issues:
1) Why didn't the query from openldap2 -> dnscache work?
2) Why is the lookup even happening? Shouldn't "--enable-rlookups=no"
stop this from happening at all?
Thanks for any help in advance :),
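
Added example, not part of the original post: a small Python parser for the dnscache log lines quoted above. It decodes the TAI64N timestamps and lists the reverse (PTR) lookups that ended in servfail, so they can be lined up against slow binds. The function names are hypothetical, the sample input is constructed from the two lines in the post, and the code assumes the lookup name directly follows the servfail keyword and that the timestamps use the daemontools multilog convention (2^62 + 10 + Unix time).

```python
import re
from datetime import datetime, timezone
from ipaddress import IPv4Address

TAI64_BASE = 1 << 62   # offset of every TAI64 label
TAI_UNIX_SKEW = 10     # assumption: multilog stamps 2**62 + 10 + time()

# Constructed sample input: the two dnscache lines quoted in the post.
SAMPLE = """\
@400000003b015ecf1330605c servfail 188.8.131.52.in-addr.arpa.
@400000003b015ecf1331f69c sent 37663 40
"""

# "@" + 16 hex digits (seconds) + 8 hex digits (nanoseconds), event, rest
LINE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) (\S+)(?: (.*))?$")

def tai64n_to_utc(secs_hex, nanos_hex):
    """Turn a TAI64N label into an aware UTC datetime (microsecond precision)."""
    unix = int(secs_hex, 16) - TAI64_BASE - TAI_UNIX_SKEW
    micros = int(nanos_hex, 16) // 1000
    return datetime.fromtimestamp(unix, tz=timezone.utc).replace(microsecond=micros)

def ptr_name_to_ip(name):
    """Map d.c.b.a.in-addr.arpa. to the address a.b.c.d, or None if not a PTR name."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def failed_reverse_lookups(log_text):
    """Return (utc_time, client_ip, qname) for each servfail on a PTR name."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) != "servfail" or not m.group(4):
            continue  # other dnscache events (sent, query, ...) are skipped
        name = m.group(4).split()[0]
        ip = ptr_name_to_ip(name)
        if ip is not None:
            hits.append((tai64n_to_utc(m.group(1), m.group(2)), str(ip), name))
    return hits

if __name__ == "__main__":
    for when, ip, name in failed_reverse_lookups(SAMPLE):
        print(f"{when.isoformat()} PTR lookup for {ip} failed ({name})")
```
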