[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

long delays with LDAP nss/pam

We run a big cluster, managed by FAI, using LDAP and NFS to provide
users with homogenous environments across all nodes. All machines
run sarge, and slapd is tunnelled via SSL for security purposes.
Read-only access to the passwd/group directory is anonymous. All
nodes are running nscd.

While this worked beautifully last week, I returned this week to
find everything taking ages. ls /home takes about 3 seconds before
listing the directories (libnss apparently takes so long to map
uid->login), even when there are only 10 directories at the moment
(the cluster is still in beta). Furthermore, logging in takes
between 2 and 10 seconds.

If I tune in to the slapd debug output, I can see it working big
time and accessing millions of keys. This was not the case last
week, or slapd was about 100 times faster then. The only change
I can remember was adding a new group and placing a bunch of people
in there. This should not have the aforementioned effect really.

Has anyone experienced the above before? What could be the reason?
How can I fix this?

Would this post have been better over at -user?

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: