RSS feed

Re: Slow logins

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Slow logins

On Thu, 2013-12-19 at 17:32 +0000, Daniel Givens wrote:
> Hi! I am on an ldap server with a large number of users and groups. Logins 
> are taking a very long time and upon running nslcd with debug enabled, the 
> service is looking up every group and every user within every group. For 
> someone with ten or so groups and a couple hundred users in a few of those 
> groups, it ends up taking 30 to 40 seconds to login to a box.
> Is there any way to stop the group member lookups?
> Here's my config:
> uid nslcd
> gid nslcd
> uri     ldap://ldapserver/
> base    ou=users,o=org
> base    ou=POSIXGroups,o=org
> base    group   ou=POSIXGroups,o=org
> filter  group   (objectClass=posixGroup)
> scope   group   one
> base    passwd  ou=users,o=org
> filter  passwd  (objectClass=posixAccount)
> base    shadow  ou=users,o=org
> filter  shadow  (objectClass=posixAccount)
> referrals no
> ssl start_tls
> tls_reqcert allow
> nss_initgroups_ignoreusers root,vagrant
> pagesize 100
> Any help would be greatly appreciated!
> Daniel Givens

I think your filter is forcing the group lookup. Here against AD and
with objectClass: posixGroup in the group DN, it works fine without it.

Worth a try?

To unsubscribe send an email to or see