Re: Slow logins

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: steve <steve [at] steve-ss.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Slow logins
Date: Thu, 19 Dec 2013 18:44:30 +0100

On Thu, 2013-12-19 at 17:32 +0000, Daniel Givens wrote:
> Hi! I am on an ldap server with a large number of users and groups. Logins 
> are taking a very long time and upon running nslcd with debug enabled, the 
> service is looking up every group and every user within every group. For 
> someone with ten or so groups and a couple hundred users in a few of those 
> groups, it ends up taking 30 to 40 seconds to login to a box.
> 
> Is there any way to stop the group member lookups?
> 
> Here's my config:
> 
> uid nslcd
> gid nslcd
> 
> uri     ldap://ldapserver/
> base    ou=users,o=org
> base    ou=POSIXGroups,o=org
> 
> base    group   ou=POSIXGroups,o=org
> filter  group   (objectClass=posixGroup)
> scope   group   one
> base    passwd  ou=users,o=org
> filter  passwd  (objectClass=posixAccount)
> base    shadow  ou=users,o=org
> filter  shadow  (objectClass=posixAccount)
> 
> referrals no
> 
> ssl start_tls
> tls_reqcert allow
> 
> nss_initgroups_ignoreusers root,vagrant
> pagesize 100
> 
> 
> Any help would be greatly appreciated!
> 
> Daniel Givens

Hi
I think your filter is forcing the group lookup. Here against AD and
with objectClass: posixGroup in the group DN, it works fine without it.

Worth a try?
Steve


-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Slow logins, Daniel Givens
- Re: Slow logins, steve

Prev by Date: Slow logins
Next by Date: Re: Slow logins
Previous by thread: Slow logins
Next by thread: Re: Slow logins