Re: Issue with nslcd Retrieving 2000+ Entries from LDAP (AD)

[Kokila Koks <kokilavaradhan [at] gmail.com>]

A Gentle reminder on this . Any inputs for the below query would be appreciated.

Thanks,

kokila V

On Wed, Feb 12, 2025 at 10:43 AM Kokila Koks <kokilavaradhan [at] gmail.com> wrote:

Tried ldapsearch for the same AD server and could see paging happening . Exact scenario happening here is since the base DN is minimal nslcd is busy in retrieving ldap search results 

Hence authentication is not happening . Need to know how we are able to resolve this issue by reducing the time taken to get the ldap search results and process it (Already having the page size config in our nslcd). So that authentication works fine .

Thanks & Regards.

kokila V

On Thu, Feb 6, 2025 at 9:52 PM Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Wed, 2025-02-05 at 10:11 +0530, Kokila Koks wrote:
> System Information:
> * nss-pam-ldapd Version: 0.9.8
> * LDAP Server: Active Directory
> nslcd Configuration Details:
> timelimit 5
> bind_timelimit 5
> pagesize 1000
> I suspect the issue might be related to handling large result sets or
> the page size limit configuration.

If you run nslcd in debug mode you can get a little more details on
what is going wrong (you could also use the log option in nslcd.conf to
create a debug-level log). It is possible that some error is logged.

Some LDAP servers for instance set a maximum query size, irrespective
of paging that could cause problems. I'm actually not sure of AD
supports paging so you could also try disabling paging altogether.

This assumes that NSS and PAM have been correctly configured.

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --