finger not working, service very slow with ldap

[Matt Juszczak]

Howdy,

Finger is working for some of my system accounts, and not others.  A check 
of the log displays the following:

Apr  7 16:50:29 uranus slapd[57684]: conn=85 op=0 BIND 
dn="cn=pamclient,ou=SystemAccounts,dc=mydomain,dc=net" method=128
Apr  7 16:50:29 uranus slapd[57684]: conn=85 op=0 BIND 
dn="cn=pamclient,ou=SystemAccounts,dc=mydomain,dc=net" mech=SIMPLE ssf=0
Apr  7 16:50:29 uranus slapd[57684]: conn=85 op=0 RESULT tag=97 err=0 text=
Apr  7 16:50:29 uranus slapd[57684]: conn=85 op=1 SRCH 
base="ou=People,dc=mydomain,dc=net" scope=1 deref=0 
filter="(objectClass=posixAccount)"
Apr  7 16:50:29 uranus slapd[57684]: conn=85 op=1 SRCH attr=uid userPassword 
uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Apr  7 16:50:30 uranus slapd[57684]: conn=85 op=1 SEARCH RESULT tag=101 err=4 
nentries=500 text=
Apr  7 16:50:30 uranus slapd[57684]: conn=85 fd=19 closed

and it returns "user mjuszczak not found".  Whats funny is that it returns 500 
entries, even though there is only one mjuszczak user.  This could also be the 
reason that logging into the server is taking absolutely forever.  A login 
takes about a minute, and the tail -f of ldap.log with loglevel 128 shows it 
searching every single user, all 7000 ... for some reason.  Could my indexes in 
slapd.conf possibly be off, or is this something I messed up in freebsd's 
pam.d?


Here is the index list btw for slapd.conf, but of course if this is an 
ldap problem I will be contacting that email list anyway.

index           objectClass     eq
index           sudoUser        pres,eq
index           uid     pres,eq




Thanks in advance!

-Matt