[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: performance problems with nss pam ldap
i suppose that's arguable. there are clearly advantages to maintaining
a single coherent authentication process instead of having applications
contact the ldap server individualy. using the apache->pam->ldap
chain is really no more involved than using imap/pop/ftpd->pam->ldap,
and seems cleaner than auth_ldap.
in the end it's a matter of personal preference.
--sasha
On Mon, Nov 26, 2001 at 09:13:57AM -0800, Howard Chu wrote:
> That seems like an inordinate amount of pain to go through, when you could
> just load auth_ldap directly into apache. At any rate, this is an extremely
> long toolchain, of which only one piece relates to this list. Any number of
> components could be screwing up and causing your slowdown.
>
> Quite frankly, your email reminds me of the phrase about ... giving someone
> enough rope to hang themself...
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Terry Davis
> > Sent: Monday, November 26, 2001 7:46 AM
> > To: openldap-software@OpenLDAP.org
> > Subject: Re: performance problems with nss pam ldap
> >
> >
> > Hello,
> >
> > I am still seeing a major performance problem when doing some queries on
> > my group information which is stored in ou=Groups,dc=domain,dc=com. To
> > be more specific, I am doing apache auth with pam which is using
> > nss which is getting its information from ldap. (phew)
> >
> > The normal auth (username and password) seems to be fine. I have been
> > using that with my imap server for a long time now. I just now am
> > starting to use groups which is rather slow.
> >
> > I went ahead and created some indexes. I am not seeing a difference.
> > Here is what I did:
> > Put this stuff into my slapd.conf:
> > index default pres,eq
> > index objectClass,uid
> > index cn,memberUid,uidNumber,gidNumber eq
> >
> > Restarted the server in read-only mode by adding this to my slapd.conf:
> > readonly on
> >
> > I ran this command:
> > slapindex
> >
> > This created some dbb files for me in my ldbm directory.
> >
> > Did I miss anything? Also, how often or should I reindex?
> > It appears as if www.openldap.org is down.
> >
> > Thank you!
> >
> >
> > Roel van Meer wrote:
> >
> > >Terry Davis wrote:
> > >
> > >>haha, and if I have none.
> > >>
> > >>ok, go ahead, smack me.
> > >>
> > >
> > >I'd rather you give some feedback on the howto if you can spare the
> > >time. I'm trying to get the project going again, but i need some
> > >input for that.
> > >
> > >Regards,
> > >
> > >rolek
> > >
> > >>>Terry Davis wrote:
> > >>>
> > >>>>Hello! I am seeing some big performance hits when I attempt
> > to do group
> > >>>>auth against my ldap server. When I do normal auth, without
> > any group
> > >>>>queries, it is very fast.
> > >>>>I have user information in:
> > >>>>ou=People,dc=birddog,dc=com
> > >>>>
> > >>>>and group information in :
> > >>>>ou=Groups,dc=birddog,dc=com
> > >>>>
> > >>>>What can I do to debug this?
> > >>>>
> > >>>>I can make any of my config files available. Thank you!
> > >>>>
> > >>>This may be caused by not having the right indexes in slapd.conf.
> > >>>
> > >>>Regards,
> > >>>
> > >>>rolek
> > >>>
> > >>>--
> > >>>1A First Alternative rolek@alt001.com www.alt001.com
> > >>>Linvision BV rolek@linvision.com (www|devel).linvision.com
> > >>>--
> > >>>
> > >
> > >--
> > >1A First Alternative rolek@alt001.com www.alt001.com
> > >Linvision BV rolek@linvision.com (www|devel).linvision.com
> > >--
> > >
> >
> >
> > --
> > Terry Davis
> > Systems Administrator
> > BirdDog Solutions, Inc.
> > (402) 829-6059
> > www.birddog.com
> >
> >