Authentication with ldap very slow

Dick Davies rasputnik at hellooperator.net
Wed Jan 26 15:52:24 PST 2005


* Albert Shih <shih at math.jussieu.fr> [0131 23:31]:
>  On 26/01/2005 at 23:28:02+0000, Dick Davies wrote
> > * Albert Shih <shih at math.jussieu.fr> [0105 22:05]:
> > > Hi 
> > > 
> > > I've a server (FreeBSD 5.3-p5) that uses OpenLDAP for authentication.
> > > 
> > > Everything works fine but... it's very slow when some operation needs to know
> > > the id <--> uid. For example if I try to execute some
> > > 
> > > 	cd /home
> > > 	ls -l *
> > > 
> > > It's very very slow.

 
> > Are you on a dialup or something?
> 
> No, on a 100 Mbits/s switching network ;-) soon on 1 Gbits/s ;-))

Weird - I've got a wireless (11Mbit) client using nss_ldap via startTLS and have
no trouble at all (and the server is a 600MHz mini-itx box).

I just tried:

make /tmp/mydir
ls -lR that and tcpdump what I'm sending to the server
(about a dozen lines of output)
ls -lR /usr/local/misc (about 3Gb of mp3s owned by me) and tcpdump what I'm sending to the server
(about a dozen lines of output)

So it looks like only the one query is done by ls (i.e. it only looks up the name when it displays
the output). How many directories are under /home? Unless we're talking hundreds, it shouldn't be 
more than a second or so delay, tops.

It doesn't appear to be caching (repeating the ls a couple of seconds later sends the 
same query), but then I don't think that accounts for your huge delays.


It's definitely the uid lookup?  Not NFS /home or something
(Is ls * much faster than ls -l)?

Anything in your logs? I know you can turn on debugging in PAM, don't know how to 
do it in nsswitch....


-- 
'One cannot make an omelette without breaking eggs --
 but it is amazing
how many eggs one can break without making a decent omelette.'
		-- Charles P. Issawi
Rasputin :: Jack of All Trades - Master of Nuns
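
Added example, not part of the original message or thread: one way to separate the two costs discussed above (reading the directory versus resolving uid to name through nsswitch) is to time them independently. The function names and the scratch directory are assumptions made for this illustration; `pwd.getpwuid()` is the standard-library call that goes through the system's name service.

```python
import os
import pwd
import tempfile
import time


def distinct_owner_uids(directory):
    """Collect owner uids with lstat-style calls only: no uid -> name lookup here."""
    uids = set()
    with os.scandir(directory) as entries:
        for entry in entries:
            uids.add(entry.stat(follow_symlinks=False).st_uid)
    return uids


def time_uid_lookups(uids, repeat=2):
    """Time getpwuid() per uid; the call goes through nsswitch (nss_ldap if configured).

    Returns {uid: (name_or_None, [seconds, ...])}. A second pass that is as slow
    as the first suggests nothing is caching the answer.
    """
    results = {}
    for uid in sorted(uids):
        name, samples = None, []
        for _ in range(repeat):
            start = time.perf_counter()
            try:
                name = pwd.getpwuid(uid).pw_name
            except KeyError:  # uid has no passwd entry in any configured source
                name = None
            samples.append(time.perf_counter() - start)
        results[uid] = (name, samples)
    return results


def report(directory):
    start = time.perf_counter()
    uids = distinct_owner_uids(directory)
    fs_seconds = time.perf_counter() - start
    print(f"{directory}: {len(uids)} distinct owner uid(s), stat pass {fs_seconds:.4f}s")
    for uid, (name, samples) in time_uid_lookups(uids).items():
        print(f"  uid {uid} -> {name}: " + ", ".join(f"{s:.4f}s" for s in samples))


if __name__ == "__main__":
    # Constructed sample input: a scratch directory with two entries owned by us.
    with tempfile.TemporaryDirectory() as scratch:
        os.mkdir(os.path.join(scratch, "alice"))
        os.mkdir(os.path.join(scratch, "bob"))
        report(scratch)
```

If the stat pass is slow, the filesystem (for example NFS) is the suspect; if the per-uid timings are slow, the name service lookup is.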

