slow ldap authentication

Dracula countofdracula at gmail.com
Wed Jan 11 07:12:15 UTC 2006


Let me start this issue with a little background. We use Microsoft
Active Directory as our LDAP server. Using validated Microsoft
components (Microsoft Services For Unix) we have extended its LDAP
schema to allow unix servers like unix to authenticate against AD's LDAP
server so that services like ssh, samba, su, ftp, etc can use the MS
password db. I have had no issue with RHEL 2 AS, RHEL 3 AS using these
services. Everything has been great. I get fast lookups against AD for
authentication when I su/ssh/ftp/smb as any AD user. Life is pretty
good. When I use RHEL 4 AS, it works too, but there is a problem. If I
ssh/ftp/su/smb as root or any local /etc/passwd user, the response time
is fast. If I su/ssh/smb/ftp as a LDAP user (after AD is using LDAP,
just modified) the response time is ~15 seconds. If I enable nscd, the
first su/ssh/ftp/smb attempt takes ~15 seconds. The subsequent attempts
are almost instantaneous. On RHEL 2 AS and RHEL 3 AS, I do not even need
nscd to speed up lookups against AD for su/ssh/ftp/smb. What is the
problem with RHEL 4? I even did an up2date from U1 to U2 and this made
no difference. Is there anything I can do to speed up this lookup?
Again, RHEL AS 2 and 3 against the same AD server is always fast. It is
just RHEL 4 that seems slow. Granted, on RH AS 2 I compiled nss and pam
libraries to work with AD LDAP as RH AS. In other words, RHEL 2 and 3
do not work with Microsoft's implementation of LDAP unless you update
pam and nss libraries, not to mention openldap must be upgraded. On
RHEL4, everything works out of the box except for this lookup delay
problem. Let me know as this is critical for an upcoming migration from
RHEL AS 2 to RHEL 4 AS.


Thanks

Regards,

Komal



