[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: performance problems with nss pam ldap

I added the following indexes and it trippled my performance:
index   sn,userPassword,givenName,telephoneNumber       eq

Thank you for your patience.  :)  ldap rocks.

Alex Vorobiev wrote:

i suppose that's arguable.  there are clearly advantages to maintaining
a single coherent authentication process instead of having applications
contact the ldap server individualy.  using the apache->pam->ldap
chain is really no more involved than using imap/pop/ftpd->pam->ldap,
and seems cleaner than auth_ldap.

in the end it's a matter of personal preference.

--sasha


On Mon, Nov 26, 2001 at 09:13:57AM -0800, Howard Chu wrote:

That seems like an inordinate amount of pain to go through, when you could
just load auth_ldap directly into apache. At any rate, this is an extremely
long toolchain, of which only one piece relates to this list. Any number of
components could be screwing up and causing your slowdown.

Quite frankly, your email reminds me of the phrase about  ... giving someone
enough rope to hang themself...

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Terry Davis
Sent: Monday, November 26, 2001 7:46 AM
To: openldap-software@OpenLDAP.org
Subject: Re: performance problems with nss pam ldap


Hello,

I am still seeing a major performance problem when doing some queries on
my group information which is stored in ou=Groups,dc=domain,dc=com.  To
be more specific, I am doing apache auth with pam which is using
nss which is getting its information from ldap.  (phew)

The normal auth (username and password) seems to be fine.  I have been
using that with my imap server for a long time now.  I just now am
starting to use groups which is rather slow.

I went ahead and created some indexes.  I am not seeing a difference.
Here is what I did:
Put this stuff into my slapd.conf:
   index default pres,eq
   index   objectClass,uid
   index   cn,memberUid,uidNumber,gidNumber   eq

Restarted the server in read-only mode by adding this to my slapd.conf:
   readonly       on

I ran this command:
   slapindex

This created some dbb files for me in my ldbm directory.

Did I miss anything?  Also, how often or should I reindex?
It appears as if www.openldap.org is down.

Thank you!


Roel van Meer wrote:

Terry Davis wrote:

haha, and if I have none.

ok, go ahead, smack me.

I'd rather you give some feedback on the howto if you can spare the
time. I'm trying to get the project going again, but i need some
input for that.

Regards,

rolek

Terry Davis wrote:

Hello!  I am seeing some big performance hits when I attempt

to do group

auth against my ldap server.   When I do normal auth, without

any group

queries, it is very fast.
I have user information in:
ou=People,dc=birddog,dc=com

and group information in :
ou=Groups,dc=birddog,dc=com

What can I do to debug this?

I can make any of my config files available.   Thank you!

This may be caused by not having the right indexes in slapd.conf.

Regards,

rolek

--
1A First Alternative rolek@alt001.com    www.alt001.com
Linvision BV         rolek@linvision.com (www|devel).linvision.com
--

--
1A First Alternative rolek@alt001.com    www.alt001.com
Linvision BV         rolek@linvision.com (www|devel).linvision.com
--


--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com




--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com