[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Optimizing OpenLDAP pam authentication (it's very slow)

But I no longer have memberUid in my LDAP. Should I index a
nonexistent object?

As my email stated, the PADL migrations scripts create ldif's that use
the memberUid schema, but after some advice from this group I changed
the migrations script to produce grouOfUniqueNames/uniqueMember
At the point that I was in fact using memberUid's I did have it
indexed and had the exact same performance problem.

Does anyone know the correct "configuration" for nsswitch/pam
authentication? Is it "memberUid" or "grouOfUniqueNames/uniqueMember"
or neither?

On Thu, May 31, 2001 at 04:53:45PM +0200, GOMBAS Gabor wrote:
> On Thu, May 31, 2001 at 10:35:59AM -0400, Matthew Gregg wrote:
> > index uid,cn,objectclass,uidnumber,gidnumber eq
> > index uniqueMember pres
> You do not have an index for memberUid. That means slapd has to walk
> over _all_ entries in your database each time you do a search on it.
> Do not be surprised if it is slow...
> General advice: either index every attribute you want to use in searches or
> be very patient.
> Gabor

brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars