[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
performance problems with ldap auth - please help!
- To: openldap-software@OpenLDAP.org
- Subject: performance problems with ldap auth - please help!
- From: Terry Davis <tdavis@approbation.org>
- Date: Sat, 02 Mar 2002 00:10:23 -0600
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.8) Gecko/20020204
Hello,
I am having serious performance problems with group authentication. Here
is my process:
apache -> pam -> openldap
It takes less than a second to pull up a page using normal htpasswd auth
and anywhere from 7 to 14 seconds to authenticate from the ldap server.
When I do authenticate, here is what I see in the slapd logs:
Mar 1 18:35:39 atlas slapd[16889]: conn=196 op=51 SRCH
base="ou=Groups,dc=domain,dc=com" scope=1 filter="(objectClass=posixGroup)"
Mar 1 18:35:39 atlas slapd[16889]: conn=196 op=51 ENTRY
dn="cn=root,ou=Groups,dc=domain,dc=com"
Mar 1 18:35:39 atlas slapd[16889]: conn=196 op=51 ENTRY
dn="cn=bin,ou=Groups,dc=domain,dc=com"
Mar 1 18:35:39 atlas slapd[16889]: conn=196 op=51 ENTRY
dn="cn=daemon,ou=Groups,dc=domain,dc=com"
Mar 1 18:35:39 atlas slapd[16889]: conn=196 op=51 ENTRY
dn="cn=sys,ou=Groups,dc=domain,dc=com"
The above gets repeated through ALL of my groups.
I attached my configs in separate files to make things easier.
Also, here is an example of an entry:
dn: cn=cvs,ou=Groups,dc=domain,dc=com
objectClass: posixGroup
objectClass: top
cn: cvs
userPassword: {crypt}x
gidNumber: 525
memberUid: td
memberUid: God
If someone is doing this, please email me so we can compare notes and
find out where I am messing this up. [:)]
Thank you!!
--
Terry Davis
http://approbation.org/
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nadf.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/krb5-kdc.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/evolutionperson.schema
schemacheck on
#readonly on
# ACL files
include /etc/openldap/acls/acl1
pidfile /usr/var/slapd.pid
argsfile /usr/var/slapd.args
loglevel 768
#referral ldaps://ldap.domain.com/
# Load dynamic backend modules:
# modulepath /usr/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
cachesize 10000
dbcachesize 3000000
suffix "dc=domain,dc=com"
directory /home/openldap/domain-ldbm
rootdn "cn=root,dc=domain,dc=com"
rootpw password
updatedn "cn=root,dc=domain,dc=com"
updateref "ldap://ldap1:389/dc=domain,dc=com"
# indexes
index objectClass,uid,cn pres,eq
index default pres,eq
index sn,uidNumber,userPassword,givenName,telephoneNumber,mail,title,homePhone,mobile,pager,roomNumber,homeDirectory,loginShell,gecos,mailLocalAddress,mailRoutingAddress,mailhost,memberUid,gidNumber eq
lastmod on
# Your LDAP server. Must be resolvable without using LDAP.
host ldap2
base dc=domain,dc=com
rootbinddn cn=root,dc=domain,dc=com
pam_member_attribute memberUid
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Groups,dc=domain,dc=com?one
#%PAM-1.0
#[For version 1.0 syntax, the above header is optional]
#
# The PAM configuration file for the `httpd' service
#
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_ldap.so
session required /lib/security/pam_ldap.so