[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM/LDAP performance problem



>we are desperately trying to use PAM/LDAP as a *fast* authentication 
>method for FTP logins. After installing and configuring things were 
>working fine. But after adding 20000 user entries just for testing (we 
>expect much more in the future) the response time (ftp login) raised 
>from 3 seconds (4000 entries) up to 23 seconds (20000 user entries and 
>about 6000 group entries).
>Both, user lookup and password lookup seem to search the whole LDAP 
>directory without using indexes (slapd takes 99% CPU for the time in 
>question), even though they exist on almost all attributes (cn, uid, 
>uidnumber, gid, gidnumber, etc.). Since ldapsearch is answering within 
>fractions of a second and only ftp and shell login (and "id") are very 
>slow we don't really have an idea what the problem could be. Ain't PAM 
>using indexes?

Did you setup you indexes before you loaded the data? Do dbb files exist for the
index you think you should have?  This really sounds (IMHO) like a flounces
index on objectclass.  Might not hurt to rebuild the index and see what happens.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505