RE: [LDAP] Speeding up authentication using ldap

On Mar 15, 2006 06:30am, davideyeahsure@onlyforfun.net wrote to All:

> I have some 100 servers using openldap for authentication, the
> servers are using various versions of RedHat (I don't think that is
> important but what the hell...) the problem is that after entering the
> password it takes about 30 seconds before giving the prompt.

> After some digging and checking I find out that the problem is the
> retrieval of the groups to which the user belongs. The nss library
> run a search of the type

[...]

> As far as I can see in the source codes of the ldap_nss library, the
> decision if to use 2307 Bis or not is done at compile time and can't be
> changed later without recompiling the whole lib. I haven't been able
> to find a way to circumvent this problem, tryed also to add the
> 'uniqueMember' attribute to my ldap schema, but that didn't improved
> the performances.

> So, before I start the mammooth task of recompiling on all the servers...
> anyone has any idea of how to force it to use a shorten (or quicker)
> query?

Tried cutting down on the number of LDAP servers in use on your network?

Robert Wolfe (robert.wolfe@net261.com)

.... http://www.net261.com:81 | telnet://bbs.net261.com