[Date Prev][Date Next]
Re: PAM/LDAP performance problem
>we are desperately trying to use PAM/LDAP as a *fast* authentication
>method for FTP logins. After installing and configuring things were
>working fine. But after adding 20000 user entries just for testing (we
>expect much more in the future) the response time (ftp login) raised
>from 3 seconds (4000 entries) up to 23 seconds (20000 user entries and
>about 6000 group entries).
>Both, user lookup and password lookup seem to search the whole LDAP
>directory without using indexes (slapd takes 99% CPU for the time in
>question), even though they exist on almost all attributes (cn, uid,
>uidnumber, gid, gidnumber, etc.). Since ldapsearch is answering within
>fractions of a second and only ftp and shell login (and "id") are very
>slow we don't really have an idea what the problem could be. Ain't PAM
Did you setup you indexes before you loaded the data? Do dbb files exist for the
index you think you should have? This really sounds (IMHO) like a flounces
index on objectclass. Might not hurt to rebuild the index and see what happens.
Systems and Network Administrator
1825 Monroe Ave NW.
Grand Rapids, MI. 49505