Re: long delays with LDAP nss/pam
Be careful with indexing and slapindex.
Slapindex is supposed to be run when the slapd daemon is down, or the db is in
read-only mode.
>From the 'slapindex' man page:
LIMITATIONS
Your slapd(8) should not be running (at least, not in
read-write mode) when you do this to ensure consistency of
the database.
On 27/10/04 09:43 +0200, martin f krafft wrote:
> We run a big cluster, managed by FAI, using LDAP and NFS to provide
> users with homogenous environments across all nodes. All machines
> run sarge, and slapd is tunnelled via SSL for security purposes.
> Read-only access to the passwd/group directory is anonymous. All
> nodes are running nscd.
>
> While this worked beautifully last week, I returned this week to
> find everything taking ages. ls /home takes about 3 seconds before
> listing the directories (libnss apparently takes so long to map
> uid->login), even when there are only 10 directories at the moment
> (the cluster is still in beta). Furthermore, logging in takes
> between 2 and 10 seconds.
>
> If I tune in to the slapd debug output, I can see it working big
> time and accessing millions of keys. This was not the case last
> week, or slapd was about 100 times faster then. The only change
> I can remember was adding a new group and placing a bunch of people
> in there. This should not have the aforementioned effect really.
>
> Has anyone experienced the above before? What could be the reason?
> How can I fix this?
>
> Would this post have been better over at -user?
>
> --
> Please do not CC me when replying to lists; I read them!
>
> .''`. martin f. krafft <madduck@debian.org>
> : :' : proud Debian developer, admin, and user
> `. `'`
> `- Debian - when you have better things to do than fixing a system
>
> Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
--
------------------------------------------
Ted Knab
Chester, Maryland 21619 USA
------------------------------------------
See you at LISA in Atlanta. :)
Reply to: