[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slow ldap authentication

2011/1/4 bluethundr <bluethundr@gmail.com>:
> Hi list,
>  It's been a few days and I just wanted to check back to see if anyone
> had any troubleshooting tips that might help to solve this situation
> that I'm dealing with as I'm still a relatively new LDAP admin. I
> really appreciated your advice in the past and have overcome some very
> significant technical hurdles with your assistance on a number of
> occasions.
>  Thanks in advance!and I would like to wish you a belated happy new year!
> Tim
> On Sun, Jan 2, 2011 at 12:58 AM, bluethundr <bluethundr@gmail.com> wrote:
>> Hello list!!
>> I would greatly appreciate your help with an issue I am having here.
>> It seems that when you log into hosts on the network via ldap
>> authentication, said authentication is extremely sloooowww... on the
>> order of up to 30 seconds to log in! I could use some assistance in
>> correlating the information in the logs with the way that slapd.conf
>> is configured.
>>  What I did to capture the event in the logs was to (after backing
>> them up) empty them with cat /dev/null  > /var/log/openldap.log and
>> then log into a host on the network via an ldap account. Right after
>> login was finished I copied the log file to another location on the
>> nas and enclosed it here. Therefore it reflects only what happened
>> during the login. I've also enclosed my slapd.conf and ldap schema as
>> attachments for your perusal.
>>  I've attempted adding some indexes to the configuration to alleviate
>> the situation but unfortunately this had no effect. The ones I added
>> were uid and uidNumber which I've read can help address this sort of
>> situation.
>> [root@LBSD2:~]#grep -i index /usr/local/etc/openldap/slapd.conf
>> index   objectClass,uid,uidNumber       eq
>> index   sudoUser        eq
>> thanks in advice with any assistance you can provide.
>> best regards
>> --
>> GPG me!!
>> gpg --keyserver pgp.mit.edu --recv-keys F186197B
> --
> GPG me!!
> gpg --keyserver pgp.mit.edu --recv-keys F186197B


It looks like DNS issue, not LDAP.
Try setting "UseDNS no" in sshd_config