I have OpenLDAP 2.2 set up on a test machine and it's very fast.
Once I got it set the way I wanted I did an install on a production
machine and it's very slow. It's so slow that if I tell sshd to only
allow certain groups to authenticate, it fails because it times out
before the groups are retrieved. On the test (fast) machine the "groups
user" command takes less than 1 second to retrieve the list of users. On
the production (slow) machine, it takes almost 13 seconds for the same
user. If I point the slow machine at the fast machine it still takes
less than 1 second as opposed to the 13 seconds for localhost. The same
time difference is obvious using ldapsearch as well.

The only difference I can find between the machines is that the fast
test machine is an old Dell OptiPlex Gx1p desktop with a PII 600 and 256
MB RAM and the slow production machine is a Dell PowerEdge 2550 with a
PIII 1000 and 512 MB RAM.

They both have the same data in the directory, the same
configuration, same software versions:

  SuSE Linux 9.1
  OpenLDAP 2.2.6
  /etc/ldap.conf match
  /etc/slapd.conf match
  /etc/security/pam_unix2.conf match
  /etc/nsswitch.conf match
  /etc/sysconfig/ldap match
  /etc/sysconfig/openldap match

Actually, I just found something that doesn't match. The fast box is
using kernel 2.6.5 and the slow box is using 2.6.8.

Any ideas on how to track down what's causing this problem?