[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: PAM/LDAP performance problem
>we are desperately trying to use PAM/LDAP as a *fast* authentication
>method for FTP logins. After installing and configuring things were
>working fine. But after adding 20000 user entries just for testing (we
>expect much more in the future) the response time (ftp login) raised
>from 3 seconds (4000 entries) up to 23 seconds (20000 user entries and
>about 6000 group entries).
>Both, user lookup and password lookup seem to search the whole LDAP
>directory without using indexes (slapd takes 99% CPU for the time in
>question), even though they exist on almost all attributes (cn, uid,
>uidnumber, gid, gidnumber, etc.). Since ldapsearch is answering within
>fractions of a second and only ftp and shell login (and "id") are very
>slow we don't really have an idea what the problem could be. Ain't PAM
>using indexes?
Did you setup you indexes before you loaded the data? Do dbb files exist for the
index you think you should have? This really sounds (IMHO) like a flounces
index on objectclass. Might not hurt to rebuild the index and see what happens.
Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505