Thus spake Matthew Gregg: > But I no longer have memberUid in my LDAP. Should I index a > nonexistent object? > > As my email stated, the PADL migrations scripts create ldif's that use > the memberUid schema, but after some advice from this group I changed > the migrations script to produce grouOfUniqueNames/uniqueMember > schema. > At the point that I was in fact using memberUid's I did have it > indexed and had the exact same performance problem. Did you have it indexed for presence or equality? You have uniqueMember indexed here for presence, which I don't think is enough--you need it indexed for equality too. > Does anyone know the correct "configuration" for nsswitch/pam > authentication? Is it "memberUid" or "grouOfUniqueNames/uniqueMember" > or neither? RFC 2307 only defines memberUid, ont uniqueMember. Wil -- W. Reilly Cooley wcooley@nakedape.cc Naked Ape Consulting http://nakedape.cc LNXS: Get 0.2.0-devel at http://sourceforge.net/projects/lnxs/ irc.openprojects.net #lnxs It is now quite lawful for a Catholic woman to avoid pregnancy by a resort to mathematics, though she is still forbidden to resort to physics and chemistry. -- H.L. Mencken
Attachment:
pgpcPVPAxvmtA.pgp
Description: PGP signature