[Date Prev][Date Next] [Chronological] [Thread] [Top]

Reverse Lookup slowing down LDAP bind?

To: <openldap-software@OpenLDAP.org>
Subject: Reverse Lookup slowing down LDAP bind?
From: "Eric Parusel" <lists@globalrelay.net>
Date: Tue, 15 May 2001 10:41:57 -0700

Hello,

    I've recently set up a two server ldap master -> slave "pair",
running Openldap 2.0.7 ...

I've been noticing that on the first few binds to the ldap server
(either one), it takes quite a long time (like in the realm of 30
seconds) to bind and then the query speeds along, nice and fast...

Once I've done a few binds, the binding process takes a fraction of a
second...

I've since compiled version 2.0.8, it behaves in the same way.

I read a post that recommended shutting off reverse lookups with
"--enable-rlookups=no" (which seemed to be the default according to
"./configure --help" anyways), but that didn't change anything.

I read a post in the mailing list archives, and someone that claimed
that they've determined the cause of the significant slowdown:
http://www.openldap.org/lists/openldap-software/200103/msg00569.html

*Then*, I checked my dnscache logs (I'm using djbdns), and noticed
that whenever a new bind was attempted, there was a lookup from the
ldap server being connected to, to the dns server(s) listed in the
ldap server's /etc/resolv.conf ....

Dnscache log entry:
@400000003b015ecf1330605c servfail 86.0.3.10.in-addr.arpa.
input/output error
@400000003b015ecf1331f69c sent 37663 40

I changed it from our djbdns servers to some other dns servers
(probably running bind) and now logins are very fast...!

Now although the problem is fixed/bandaided, there's two issues:

1) Why didn't the query from openldap2 -> dnscache work?

2) Why is the lookup even happening?  Shouldn't "--enable-rlookups=no"
stop this from happening at all?


Thanks for any help in advance :),

Eric Parusel
Systems Administrator
Global Relay

Prev by Date: oRAddressMatch
Next by Date: attribute syntax question
Index(es):
- Chronological
- Thread