[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_ldap slow



We've be toying with pam_ldap for sometime now.  It looks like RH 7.1
almost has it right, out of the box.
We have passwd and group files exported into the ldap and pam/nsswitch
configure to use the ldap.  Logins are working great except for being
very slow.

We've run the sldap in debug mode (-d 256) and have notice that the
slowness appears to be coming from the group filter pam/nsswitch is
running against the ldap.
This is the filter from slapd debug:
conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2 
filter="(&(objectClass=posixGroup)(|(memberUid=root)
(uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))"

Our guess is that the problem lies with "uniqueMember" being used
instead of "memberuid".

We have ldap.conf on the client configure to use "memberuid", but it
appears to be ignored.
ldap.conf snip:
# Group member attribute
pam_member_attribute memberuid


Anyone have any thoughts or ideas?

Thanks in advance.



-- 
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
--------------------------------------\
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []