In my opinion this enormous search is performed by nss_ldap module
rather than pam_ldap module.
Would you like to replace line form /etc/nsswitch.conf
for field 'group: files ldap' with 'group: files'?
Then restart your ftpd and check if this search is done
again.
Thanks,
Marcin
On Fri, 6 Jul 2001, Stefan Brohs wrote:
Alright, I was watching the following logs and discovered, that while
looking for objectclass=posixaccount all entries (6000) were read. This
took a long time, because I set the sizelimit parameter to 50000 before.
I'm very sure, that this might be nonsense, but:
- why is PAM reading all group entries at all (and more than once)?
- and why does the login proceed when reducing the sizelimit (to 50) and
the SRCH results in error??