[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Optimizing OpenLDAP pam authentication (it's very slow)

slapindex spews errors if I try to index uniqueMember with
equality. Only the presence index works.

On Thu, May 31, 2001 at 11:04:26AM -0700, Wil Cooley wrote:
> Thus spake Matthew Gregg:
> > But I no longer have memberUid in my LDAP. Should I index a
> > nonexistent object?
> > 
> > As my email stated, the PADL migrations scripts create ldif's that use
> > the memberUid schema, but after some advice from this group I changed
> > the migrations script to produce grouOfUniqueNames/uniqueMember
> > schema.
> > At the point that I was in fact using memberUid's I did have it
> > indexed and had the exact same performance problem.
> Did you have it indexed for presence or equality?  You have uniqueMember
> indexed here for presence, which I don't think is enough--you need it
> indexed for equality too.
> > Does anyone know the correct "configuration" for nsswitch/pam
> > authentication? Is it "memberUid" or "grouOfUniqueNames/uniqueMember"
> > or neither?
> RFC 2307 only defines memberUid, ont uniqueMember.
> Wil

brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars