[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Optimizing OpenLDAP pam authentication (it's very slow)

Okay, my ldap server is running very quickly now.  I'm using the following
indexes (I have not modified how the groups are stored from the migrate

index uid,cn,gidNumber,uidNumber,memberUid eq
index objectClass pres,eq

I then ran slapindex and restart ldap.  Now when I ls -l all the user
directories, they show up right away.  Logging in via samba on a windows
machine barely touches ldap at all right now.  su'ing to a user is almost
instant.  I'm also running nscd.  Those who are playing around with index
settings, did you remember to run slapindex to generate the indexes?  Once
I did that, things are full speed now.

Does this help Matthew?


On Thu, 31 May 2001, Matthew Gregg wrote:

> I've seen that and tried that.  What that does is "and" your filter
> with the default filter.  How to change/override the default filter would be
> the trick. Right?
> On Thu, May 31, 2001 at 05:24:41PM +0200, GOMBAS Gabor wrote:
> > On Thu, May 31, 2001 at 11:12:38AM -0400, Matthew Gregg wrote:
> >
> > > Also, the filter that is being run is coming from nsswitch/pam_ldap.
> > > It's not something that I can configure, without some code changes.
> >
> > Yes you can. Look at the sample ldap.conf in the nss_ldap distribution
> > (the nss_base_* parameters).
> >
> > Gabor
> >