[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM/LDAP performance problem



Well, this works. But I have to remark that it doesn't make sense to me, because there is no group lookup anymore:

bash-2.04$ id
uid=20001(U190567) gid=7335 groups=7335

Maybe I should get into a deeper touch with nss_*

Thanks anyway,
Stefan

Marcin Radecki wrote:


In my opinion this enormous search is performed by nss_ldap module rather than pam_ldap module. Would you like to replace line form /etc/nsswitch.conf for field 'group: files ldap' with 'group: files'? Then restart your ftpd and check if this search is done again.

Thanks,
Marcin

On Fri, 6 Jul 2001, Stefan Brohs wrote:

Alright, I was watching the following logs and discovered, that while
looking for objectclass=posixaccount all entries (6000) were read. This
took a long time, because I set the sizelimit parameter to 50000 before.
I'm very sure, that this might be nonsense, but:

- why is PAM reading all group entries at all (and more than once)?
- and why does the login proceed when reducing the sizelimit (to 50) and
the SRCH results in error??