[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: performance problems with nss pam ldap

Terry Davis wrote:
> Hello,
> I am still seeing a major performance problem when doing some queries on
> my group information which is stored in ou=Groups,dc=domain,dc=com.  To
> be more specific, I am doing apache auth with pam which is using
> nss which is getting its information from ldap.  (phew)
> The normal auth (username and password) seems to be fine.  I have been
> using that with my imap server for a long time now.  I just now am
> starting to use groups which is rather slow.
> I went ahead and created some indexes.  I am not seeing a difference.
>  Here is what I did:
> Put this stuff into my slapd.conf:
>     index default pres,eq
>     index   objectClass,uid
>     index   cn,memberUid,uidNumber,gidNumber   eq
> Restarted the server in read-only mode by adding this to my slapd.conf:
>     readonly       on
> I ran this command:
>     slapindex
> This created some dbb files for me in my ldbm directory.
> Did I miss anything?

No, this seems all right to me. You might check which queries the
apache module is doing. If they use attributes in the query that you
don't have indexed, they will still be slow.
You can check the apache_ldap module's source for this, or run slapd
with debugging on, to see which queries actually are being

How much entries does your ldap server have? If the number of
entries is relatively low, indexing shouldn't matter all that much,
and it might be a different problem...

> Also, how often or should I reindex?

You don't need to. You only need to run slapindex is when you change
or add indexes in the configuration file.
>From that point, slapd will maintain the index files.

> It appears as if www.openldap.org is down.
No problems here.. (Mon Nov 26 18:24:52 CET 2001)

1A First Alternative rolek@alt001.com    www.alt001.com
Linvision BV         rolek@linvision.com (www|devel).linvision.com