[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Login takes more time (LDAP)

On 30/09/11 06:24 -0000, vijay s sheelavantar wrote:
Hi,I am using openldap-2.4.26 on one machine, and pam_ldap-186 and
nss_ldap-265 on another machine, both machines running Fedora-10.

I am trying for a secure communication using TLS/SSL. when I try to
connect to the LDAP client machine using SSH, after authentication success
the shell prompt is returned after 3 min or 4 mins. I don't know why it is
taking so much time. This is happening for the users which are present
only in LDAP database i.e. this user is not created on the client machine.

Some general ideas:

0. set 'UseDNS no' in your sshd_config to troubleshoot a DNS problem.

1. Try:

getent passwd <user>
getent group <primary_group>
getent group | grep <user>

If any of these take a long time to complete, check your 'index'
configuration statements, and run slapindex after any changes (e.g. sudo -u
openldap slapindex)

2. Take a look at any name service caching daemons you have running (nscd)
and restart/disable/replace during trouble shooting.

3. run ldapsearch/ldapwhoami from the client, using the same parameters
that your PADL configuration is using, which could reveal unexpected issues
with your configuration.

Dan White