nss_ldap for very large directory

Pascal Levy pascal.levy at univ-paris1.fr
Fri Feb 19 11:23:04 UTC 2010


I'm trying to set up ldap authentification and nsswitch stuff for freebsd 8.

I configured pam with pam_krb5 for auth and pam_ldap for account
I use nss_ldap for group and password database with sasl on, meaning that 
process with uid 0 bind to ldap with rootbinddn and users process bind with 
their GSSAPI/Kerberos credentials.

Everything works fine.... except that I can't use nss_getgrent_skipmembers in 
nss_ldap.conf. If I set it to yes, users don't have their group set at all 
(only the gid one). This work well with Debian...

We have a very large directory here (about 50 000 active users, 4000 groups, 
some with thousands of members...) so I definitely need freebsd not to lookup 
for every users in every group for each operation...

Else, I haven't found usefull document for setting nscd for very large 

thanks in advance and sorry for my english,


Pascal Levy
Ingénieur système, réseaux, SI

Université Paris 1 Panthéon-Sorbonne
Centre de ressources informatiques et du réseau (CRIR)
Pôle Infrastructures
90 rue de Tolbiac
75634 Paris Cedex 13
tél : 01 44 07 88 81 / 06 45 62 67 57

Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.

More information about the freebsd-questions mailing list