[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MacOS X logins very, very slow or failing with Openldap 2.1.23...





--On Tuesday, November 25, 2003 2:40 PM -0500 Everette Gray Allen <Everette_Allen@ncsu.edu> wrote:


So,I have: Server solaris 2.8 (netra, gig of ram, no other services) running openldap 2.1.23 with 65k records indexed: index objectClass eq index uid eq index uidNumber eq index gidNumber eq

Schemas which build default with opendap (ie no Apple schema).

disallow bind_anon

access  to attr=userPassword
by self               read
by anonymous          auth
by *                  none
#
access  to dn="^.*,uid=([^,]+),ou=People,(.*)$"
by dn="uid=$1,ou=People,$2"             read
by *                                    none
#
access  to *
by self         read
by users        read
by *            none

using simple binds over tls/ssl with saslauthd -a kerberos5 (all this
works well).

So from stock MacOS X 10.3.1 can:
/usr/local/bin/ldapsearch -H "ldaps://loopback.edu/" -x -D
"uid=tester,ou=people,dc=ncsu,dc=edu" -W -b 'dc=ncsu,dc=edu'
'(objectclass=*)'
Provide password and get only that user's data back in <15 sec
something like
/usr/local/bin/ldapsearch -H "ldaps://uni01ds.unity.ncsu.edu/" -x -D
"uid=tester,ou=people,dc=ncsu,dc=edu" -W -b 'dc=ncsu,dc=edu' '(uid)'
returns in < 1 sec.
All works great.  No problem.
Now want to use this to login.
Ok use directory setup.  Enter everything, use RFC 2703 (UNIX) mappings
search base is dc=ncsu,dc=edu (even tried narrowing Users map to
ou=people,dc=ncsu,dc=edu). Set the login to same user as will login from
console id dn= uid=tester,ou=people,dc=ncsu,dc=edu.
from terminal id tester returns in about 20 seconds with correct info
lookupd -d userWithName tester returns in about 20 seconds as well.  All
works.
Now logout, restart, whatever does not make difference.
Try to login as tester and if I get loggin it takes about 4 minutes.
Not good.
My questions:
Is anyone actually using this setup?
What am I doing wrong?
Any help would be appreciated!!!

We use it here without problem. Our setup guide is at:

<http://www.stanford.edu/services/directory/posix/macosXposix.html>

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html