I have OpenLDAP 2.2 set up on a test machine and it's very fast.
Once I got it set the way I wanted I did an install on a production
machine and it's very slow. It's so slow that if I tell sshd to only
allow certain groups to authenticate, it fails because it times out
before the groups are retrieved. On the test (fast) machine the
"groups user" command takes less than 1 second to retrieve the list of
users. On the production (slow) machine, it takes almost 13 seconds
for the same user. If I point the slow machine at the fast machine it
still takes less than 1 second as opposed to the 13 seconds for
localhost. The same time difference is obvious using ldapsearch as well.
The only difference I can find between the machines is that the fast
test machine is an old Dell OptiPlex Gx1p desktop with a PII 600 and
256 MB RAM and the slow production machine is a Dell PowerEdge 2550
with a PIII 1000 and 512 MB RAM.
They both have the same data in the directory, the same
configuration, same software versions:
SuSE Linux 9.1
OpenLDAP 2.2.6
pam_ldap 169
nss_ldap 215
openssl 0.9.7d
db 4.2.52
/etc/ldap.conf match
/etc/slapd.conf match
/etc/security/pam_unix2.conf match
/etc/nsswitch.conf match
/etc/sysconfig/ldap match
/etc/sysconfig/openldap match
Actually, I just found something that doesn't match. The fast box
is using kernel 2.6.5 and the slow box is using 2.6.8.
Any ideas on how to track down what's causing this problem?