
Re: performance problems with nss pam ldap



i suppose that's arguable.  there are clearly advantages to maintaining
a single coherent authentication process instead of having applications
contact the ldap server individually.  using the apache->pam->ldap
chain is really no more involved than using imap/pop/ftpd->pam->ldap,
and seems cleaner than auth_ldap.

in the end it's a matter of personal preference.

--sasha


On Mon, Nov 26, 2001 at 09:13:57AM -0800, Howard Chu wrote:
> That seems like an inordinate amount of pain to go through, when you could
> just load auth_ldap directly into apache. At any rate, this is an extremely
> long toolchain, of which only one piece relates to this list. Any number of
> components could be screwing up and causing your slowdown.
> 
> Quite frankly, your email reminds me of the phrase about  ... giving someone
> enough rope to hang themself...
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Terry Davis
> > Sent: Monday, November 26, 2001 7:46 AM
> > To: openldap-software@OpenLDAP.org
> > Subject: Re: performance problems with nss pam ldap
> >
> >
> > Hello,
> >
> > I am still seeing a major performance problem when doing some queries on
> > my group information which is stored in ou=Groups,dc=domain,dc=com.  To
> > be more specific, I am doing apache auth with pam which is using
> > nss which is getting its information from ldap.  (phew)
> >
> > The normal auth (username and password) seems to be fine.  I have been
> > using that with my imap server for a long time now.  I just now am
> > starting to use groups which is rather slow.
> >
> > I went ahead and created some indexes.  I am not seeing a difference.
> >  Here is what I did:
> > Put this stuff into my slapd.conf:
> >     index default pres,eq
> >     index   objectClass,uid
> >     index   cn,memberUid,uidNumber,gidNumber   eq
> >
> > Restarted the server in read-only mode by adding this to my slapd.conf:
> >     readonly       on
> >
> > I ran this command:
> >     slapindex
> >
> > This created some dbb files for me in my ldbm directory.
> >
> > Did I miss anything?  Also, how often or should I reindex?
> > It appears as if www.openldap.org is down.
> >
> > Thank you!
> >
> >
> > Roel van Meer wrote:
> >
> > >Terry Davis wrote:
> > >
> > >>haha, and if I have none.
> > >>
> > >>ok, go ahead, smack me.
> > >>
> > >
> > >I'd rather you give some feedback on the howto if you can spare the
> > >time. I'm trying to get the project going again, but i need some
> > >input for that.
> > >
> > >Regards,
> > >
> > >rolek
> > >
> > >>>Terry Davis wrote:
> > >>>
> > >>>>Hello!  I am seeing some big performance hits when I attempt to do group
> > >>>>auth against my ldap server.   When I do normal auth, without any group
> > >>>>queries, it is very fast.
> > >>>>I have user information in:
> > >>>>ou=People,dc=birddog,dc=com
> > >>>>
> > >>>>and group information in :
> > >>>>ou=Groups,dc=birddog,dc=com
> > >>>>
> > >>>>What can I do to debug this?
> > >>>>
> > >>>>I can make any of my config files available.   Thank you!
> > >>>>
> > >>>This may be caused by not having the right indexes in slapd.conf.
> > >>>
> > >>>Regards,
> > >>>
> > >>>rolek
> > >>>
> > >>>--
> > >>>1A First Alternative rolek@alt001.com    www.alt001.com
> > >>>Linvision BV         rolek@linvision.com (www|devel).linvision.com
> > >>>--
> > >>>
> > >
> > >--
> > >1A First Alternative rolek@alt001.com    www.alt001.com
> > >Linvision BV         rolek@linvision.com (www|devel).linvision.com
> > >--
> > >
> >
> >
> > --
> > Terry Davis
> > Systems Administrator
> > BirdDog Solutions, Inc.
> > (402) 829-6059
> > www.birddog.com
> >
> >
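
Added example, not part of the original thread or of OpenLDAP: a check of whether the index lines quoted in Terry Davis's message give an equality index to each attribute a group lookup filters on. The attribute list (RFC 2307 posixGroup lookups as done by nss_ldap), the in-order handling of `index default`, and all function and variable names are assumptions.

```python
# Assumption: attributes an RFC 2307 (posixGroup) group lookup filters on.
# This list is not stated in the thread.
GROUP_LOOKUP_ATTRS = ["objectClass", "cn", "gidNumber", "memberUid"]

# Constructed sample: the three index lines quoted in the thread.
SAMPLE_CONF = """\
index default pres,eq
index objectClass,uid
index cn,memberUid,uidNumber,gidNumber eq
"""

# Constructed sample with gaps: no default set, so a bare attribute list
# gets no index types, and memberUid/gidNumber are never mentioned.
GAP_CONF = """\
# group attributes forgotten
index objectClass,uid
index cn eq
"""


def parse_indexes(conf_text):
    """Return {attr (lowercased): set of index types} from slapd.conf text.

    Assumes one directive per line (continuation lines are not joined) and
    that 'index default' applies to later directives that name no types.
    """
    default, indexes = set(), {}
    for raw in conf_text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].lower() != "index":
            continue  # blank line, comment, or some other directive
        if len(fields) > 2:
            types = {t.lower() for t in fields[2].split(",")}
        else:
            types = set(default)
        for attr in fields[1].split(","):
            if attr.lower() == "default":
                default = types
            else:
                indexes.setdefault(attr.lower(), set()).update(types)
    return indexes


def missing_eq(conf_text, attrs=GROUP_LOOKUP_ATTRS):
    """List the attributes in attrs that have no equality index configured."""
    indexes = parse_indexes(conf_text)
    return [a for a in attrs if "eq" not in indexes.get(a.lower(), set())]


if __name__ == "__main__":
    for name, conf in (("thread config", SAMPLE_CONF), ("gap config", GAP_CONF)):
        print(name, "-> attributes without eq index:", missing_eq(conf) or "none")
```

Under these assumptions the configuration quoted in the thread already has an equality index on every attribute checked.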