Top takes long to start
Johan Hendriks
joh.hendriks at gmail.com
Tue Oct 13 11:02:49 UTC 2015
Op 12/10/15 om 10:59 schreef Matthew Seaman:
> On 10/12/15 09:04, Johan Hendriks wrote:
>> We use a central LDAP server with about 10k of user accounts.
>> This is all running on Ubuntu servers. When we use top on a linux
>> client, top starts instant.
>> Now we are in the process of adding some FreeBSD server in the mix.
>> One thing we noticed is the fact that as soon as we enable ldap top
>> takes about 3 to 5 seconds to start on the FreeBSD hosts.
> Wht are you using for ldap pam/nss connectivity? Definitely recommend
> net/nss-pam-ldapd or net/nss-pam-ldapd-sasl (if your LDAP requires SASL
> auth). This has a built in nslcd cache daemon, which should help avoid
> some of the delays involved in looking up userids over your lan.
>
> Cheers,
>
> Matthew
>
>
I am using nss-pam-ldapd-sasl-0.8.14_3.
This is my /usr/local/etc/nslcd.conf file
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
uri ldap://ldap.mydomain.com ldap://ldap-replication.mydomain.com
base dc=mydomain,dc=com
binddn uid=nss_pam,ou=account,dc=mydomain,dc=com
bindpw thisissecret
ssl start_tls
#tls_reqcert never
tls_reqcert demand
tls_cacertfile /etc/ssl/ca-certificates.crt
pam_authz_search
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))(authorizedService=$service))
My /etc/nsswitch.conf looks like
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
Do I need to enable the caching?
Also lookups are running fine
id user gives a instant reply btw.
More information about the freebsd-questions
mailing list