
Re: Optimizing OpenLDAP pam authentication (it's very slow)



I just made a minor change to slapd.conf to bring in another schema, and
then I restarted slapd.  Bam.  It was slow again.  Remembering that I had
started the daemon manually before (as I was debugging), I shut down ldap
and then ran slapd manually:

slapd -d -u ldap -h 'ldap:/// ldaps:///'

Suddenly it was fast again.  Weird.  Now I'll see what the difference is
between how I run slapd and how the ldap init script runs it.  Somehow on my
server when I start ldap through the init script ldap, it's slow.  How are
you running slapd?

Michael


On Thu, 31 May 2001, Matthew Gregg wrote:

> This is getting very frustrating.
>
> I shut down slapd, deleted all files from the ldap db directory.
> Re-migrated passwd and groups using the stock PADL scripts, then used
> ldapadd to re-populate the ldap from the passwd and group ldifs.
> Tried to log in from a box using the ldap and it was still SLOW.
> So I stopped slapd, re-ran slapindex (fingers crossed), started slapd.
> Again tried to log in, still SLOW.
>
> Base LDAP entries look like this:
> dn: dc=musc,dc=edu
> objectClass: dcObject
> objectClass: organization
> o: Medical University of South Carolina
> dc: musc
>
> dn: cn=Manager,dc=musc,dc=edu
> objectClass: organizationalRole
> cn: Manager
>
> dn: ou=People, dc=musc, dc=edu
> ou: People
> objectClass: top
> objectClass: organizationalUnit
>
> dn: ou=Groups, dc=musc, dc=edu
> ou: Groups
> objectClass: top
> objectClass: organizationalUnit
>
>
> Passwd entries look like this:
> dn: uid=greggmc,ou=People,dc=musc,dc=edu
> uid: greggmc
> cn: Matthew C Gregg
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword: <removed>
> loginShell: /bin/csh
> uidNumber: 4675
> gidNumber: 4675
> homeDirectory: /home/greggmc
> gecos: Matthew C Gregg
>
> Group entries look like this now:
> dn: cn=itlab,ou=Groups,dc=musc,dc=edu
> objectClass: posixGroup
> objectClass: top
> cn: itlab
> userPassword: {crypt}*
> gidNumber: 1389
> memberUid: binzafar
> memberUid: jonesje
> memberUid: sprovero
> memberUid: starmerf
> memberUid: starmerj
>
> My indices look like this:
> index uid,cn,uidNumber,gidNumber,memberUid eq
> index uniqueMember pres
> index objectClass pres,eq
>
> What gives folks?  It still seems like the group lookup is running
> un-indexed.
>
> Is anyone else on the list using OpenLDAP for pam authentication AND
> has a large number of user and group entries (10K+)?
>
>
>
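Added example, not part of either message: a check of whether the `index` directives quoted above can answer a given search filter, which is one way to test the "group lookup is running un-indexed" theory. The three filters are assumptions (the usual RFC 2307 passwd, group and initgroups searches an NSS/PAM LDAP client issues), and the function names are hypothetical.

```python
import re

# Index directives exactly as quoted in the message above.
SLAPD_CONF = """\
index uid,cn,uidNumber,gidNumber,memberUid eq
index uniqueMember pres
index objectClass pres,eq
"""

# Assumed filters (not from the thread): typical RFC 2307 lookups made by an
# NSS/PAM LDAP client. Replace them with the filters your slapd log shows.
ASSUMED_FILTERS = {
    "getpwnam": "(&(objectClass=posixAccount)(uid=greggmc))",
    "getgrgid": "(&(objectClass=posixGroup)(gidNumber=4675))",
    "initgroups": "(&(objectClass=posixGroup)(memberUid=greggmc))",
}

def parse_indexes(conf):
    """Map lower-cased attribute name -> set of index types (eq, pres, sub, ...)."""
    indexes = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "index":
            # With no type list, slapd falls back to its default (pres,eq).
            kinds = set(parts[2].lower().split(",")) if len(parts) > 2 else {"pres", "eq"}
            for attr in parts[1].split(","):
                indexes.setdefault(attr.lower(), set()).update(kinds)
    return indexes

def filter_assertions(ldap_filter):
    """Yield (attribute, index type needed) per simple item; >= and <= are ignored."""
    for attr, op, value in re.findall(r"\(([A-Za-z][\w.;-]*)(~?=)([^()]*)\)", ldap_filter):
        if op == "~=":
            yield attr, "approx"
        elif value == "*":
            yield attr, "pres"
        else:
            yield attr, "sub" if "*" in value else "eq"

def uncovered(ldap_filter, indexes):
    """Return the filter items that no configured index can answer."""
    return [(a, need) for a, need in filter_assertions(ldap_filter)
            if need not in indexes.get(a.lower(), set())]

def report(conf=SLAPD_CONF, filters=ASSUMED_FILTERS):
    """Map each assumed lookup to its list of unindexed filter items."""
    indexes = parse_indexes(conf)
    return {name: uncovered(f, indexes) for name, f in filters.items()}
```

With the directives as posted, `report()` returns an empty list for every assumed lookup, so these filters are covered by the configured indexes.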