RE: [LDAP] Speeding up authentication using ldap - Linux

This is a discussion on RE: [LDAP] Speeding up authentication using ldap - Linux ; On Mar 15, 2006 06:30am, davideyeahsure@onlyforfun.net wrote to All: > I have some 100 servers using openldap for authentication, the > servers are using various versions of RedHat (I don't think that is > important but what the hell...) the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: [LDAP] Speeding up authentication using ldap

  1. RE: [LDAP] Speeding up authentication using ldap


    On Mar 15, 2006 06:30am, davideyeahsure@onlyforfun.net wrote to All:

    > I have some 100 servers using openldap for authentication, the
    > servers are using various versions of RedHat (I don't think that is
    > important but what the hell...) the problem is that after entering the
    > password it takes about 30 seconds before giving the prompt.


    > After some digging and checking I find out that the problem is the
    > retrieval of the groups to which the user belongs. The nss library
    > run a search of the type


    [...]

    > As far as I can see in the source codes of the ldap_nss library, the
    > decision if to use 2307 Bis or not is done at compile time and can't be
    > changed later without recompiling the whole lib. I haven't been able
    > to find a way to circumvent this problem, tryed also to add the
    > 'uniqueMember' attribute to my ldap schema, but that didn't improved
    > the performances.


    > So, before I start the mammooth task of recompiling on all the servers...
    > anyone has any idea of how to force it to use a shorten (or quicker)
    > query?


    Tried cutting down on the number of LDAP servers in use on your network?

    Robert Wolfe (robert.wolfe@net261.com)

    .... http://www.net261.com:81 | telnet://bbs.net261.com

  2. Re: [LDAP] Speeding up authentication using ldap

    On 2006-03-18, Robert Wolfe wrote:
    > Tried cutting down on the number of LDAP servers in use on your network?


    Every server use his own LDAP server to authenticate, if that is down, there
    are two 'backup' servers (the nearest). The same result is obtained even in a
    test environment with one server running the LDAP server on his own.

    Davide

    --
    What's goes up, must come down. Ask any sysadmin.

+ Reply to Thread