[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Optimizing OpenLDAP pam authentication (it's very slow)
But I no longer have memberUid in my LDAP. Should I index a
nonexistent object?
As my email stated, the PADL migrations scripts create ldif's that use
the memberUid schema, but after some advice from this group I changed
the migrations script to produce grouOfUniqueNames/uniqueMember
schema.
At the point that I was in fact using memberUid's I did have it
indexed and had the exact same performance problem.
Does anyone know the correct "configuration" for nsswitch/pam
authentication? Is it "memberUid" or "grouOfUniqueNames/uniqueMember"
or neither?
On Thu, May 31, 2001 at 04:53:45PM +0200, GOMBAS Gabor wrote:
> On Thu, May 31, 2001 at 10:35:59AM -0400, Matthew Gregg wrote:
>
> > index uid,cn,objectclass,uidnumber,gidnumber eq
> > index uniqueMember pres
>
> You do not have an index for memberUid. That means slapd has to walk
> over _all_ entries in your database each time you do a search on it.
> Do not be surprised if it is slow...
>
> General advice: either index every attribute you want to use in searches or
> be very patient.
>
> Gabor
>
--
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
--------------------------------------\
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars